An introduction to Digital Security - Rishabh Dangwal

A presentation which provides insights in mobile hacking, XSS, network security and digital security in general

Published in: Technology


  1. Devinder Goyal, Parul Khanna, Rishabh Dangwal
  2. Who we are
     - Independent security researchers, each specializing in their own domain.
     - We have provided corporate security solutions to the worthy.
     - We have instilled a sense of digital security in today's generation.
  3. Security in general
     - Security is a misconception.
     - No security, only opportunity.
     - Proactive security is a notch better than reactive and preventive security.
     - Needless to say, security is directly proportional to awareness.
  4. Web defacement
     - Countless websites are defaced just for fun.
     - Prominent methods include SQLi, RFI, LFI and zero-day/zero-hour exploits.
     - A massive threat if executed carefully.
  5. Motives
     - Propaganda.
     - Possible server/data-center access.
     - Sensitive information disclosure.
     - Practice by script kiddies (skids).
     - Possible botnet creation.
  6. Remote File Inclusion (RFI)
     - Upload our backdoor to the server by any means.
     - Relies on the PHP include() function. Vulnerable sites have code like this:
     - index.php?page=something
     - In place of "something" we can upload our backdoor.
  7. Finding targets
     - Search for vulnerable websites using a Google dork:
     - inurl:index.php?page=
     - or
     - inurl:"main.php?x="
     - Test it by supplying a parameter in the variable; if successful, exploit it.
  8. Local File Inclusion (LFI)
     - An attacker can access all data on the server by manipulating the URL.
     - Directory traversal attack.
     - Manipulates PHP functions to get file-level access.
     - xyz.com/main.php?page=../../etc/passwd
  9. Cross-Site Scripting (XSS)
     - Client-side attack; allows bypassing client-side security mechanisms.
     - Web 2.0 security nightmare.
  10. Types of XSS
     - Persistent XSS: the inserted code is permanent.
     - Non-persistent XSS: the inserted code is not permanent.
  11. Misuse of XSS
     - Steal cookies
     - Log information
     - Deface pages
     - Spread misinformation
     - URL redirection
  12. Mobile security
     - GSM/CDMA data stored at the base station can be used to trace location.
     - Calls can be spoofed using commercially available spoof cards.
     - No regulation on call spoofing.
     - Google: Call Spoofing
  13. Mobile security (continued)
     - SMS bombing
     - Phone explosion due to overheating of the phone IC
     - SIM cloning
  14. Google hacking
     - Google reveals secrets, provided you know how to ask.
     - Efficient manipulation of dorks
     - Automated tools
     - Find anything
  15. The underground
     - One of the most exotic places on the web
     - Considered the holy grail of all information
     - Archives of classified information available
     - Hotline/KDX access and UUCP
  16. Network security
     - Protocol-defying tools like Gobbler/Yersinia
     - The black market has the sploits
     - Easy to set up LOIC and spam with DDoS
     - Exotic tools can be coded by efficient coders
  17. Network security (continued)
     - Casual hunting through Shodan
     - Open source opens portals for security
     - Defeat the latest security technologies (UTM/XTM) using custom blended attacks.
  18. Closing thoughts
     - Again, the only secure computer is the one guarded by two guards, buried six feet underground, with no internet connection, in the powered-off state.
     - Obscurity is not security.
     - Open source rules.
  20. Thank You
