An introduction to Digital Security - Rishabh Dangwal
A presentation that provides insights into mobile hacking, XSS, network security and digital security in general.

Published in: Technology

Transcript

  • 1. Devinder Goyal Parul Khanna Rishabh Dangwal
  • 2.
    • Independent security researchers specializing in their domain.
    • We have provided corporate security solutions to the worthy.
    • Inculcated the sense of digital security in the generation of today.
  • 3.
    • Security is a misconception.
    • No security, only opportunity.
    • Proactive security is a notch better than reactive and preventive security.
    • Needless to say, security is directly proportional to awareness.
  • 4.
    • Countless websites are defaced just for fun.
    • Prominent methods include SQLi, RFI, LFI, Zero-day/Zero-hour exploits
    • Massive threat if executed carefully.
  • 5.
    • Propaganda.
    • Possible server/data center access.
    • Sensitive Information disclosure.
    • Practice by script-kiddies/skids.
    • Possible botnet creation.
  • 6.
    • Upload our backdoor by any means on the server.
    • Relies on the PHP include() function. Vulnerable sites will have code like this -
    • Index.php?page=something
    • In place of “something” we can upload our backdoor.
  • 7.
    • Search for vulnerable websites using a Google dork
    • “inurl:index.php?page=”
    • Or
    • inurl:"main.php?x="
    • Test it by inputting some parameter in the variable; if successful, exploit it.
  • 8.
    • An attacker can access all data on the server by manipulating the URL.
    • Directory traversal attack.
    • Manipulates PHP functions to get file-level access.
    • xyz.com/main.php?page=../../etc/passwd
  • 9.
    • Client-side attack; allows bypassing client-side security mechanisms
    • Web 2.0 security nightmare
  • 10.
    • Persistent XSS – Inserted code is permanent.
    • Non-persistent XSS – Inserted code is not permanent.
  • 11.
    • Misuse of XSS -
    • Steal cookies
    • Log information
    • Deface pages
    • Spread misinformation
    • URL redirection
  • 12.
    • GSM/CDMA data stored at base station can be used to trace location.
    • Calls can be spoofed using commercially available spoof cards.
    • No regulation on call spoofing.
    • Google : Call Spoofing
  • 13.
    • SMS bombing
    • Phone explosion due to overheating of phone IC
    • SIM cloning
  • 14.
    • Google reveals secrets, provided you know how to ask
    • Efficient manipulation of dorks
    • Automated tools
    • Find anything
  • 15.
    • One of the most exotic places on the web
    • Considered as the holy grail of all information
    • Archives of classified information available
    • Hotline/KDX access and UUCP
  • 16.
    • Protocol-defying tools like Gobbler/Yersinia
    • Black market has the sploits
    • Easy to set up LOIC and spam with DDoS
    • Exotic tools can be coded by efficient coders
  • 17.
    • Casual hunting through Shodan
    • Open source opens portals for security
    • Defeat latest security technologies (UTM/XTM) using custom blended attacks.
  • 18.
    • Again: the only secure computer is the one guarded by 2 guards, buried 6 feet under the earth, with no internet connection, in a powered-off state.
    • Obscurity is not security.
    • Open source rules
  • 19.  
  • 20.
    • Thank You
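
Slides 6 to 8 describe file inclusion through an unchecked `page` parameter passed to PHP `include()`. The PHP below is an added example, not part of the presentation: it shows the vulnerable pattern as a comment and a hardened replacement. The `pages/` directory and the page names are assumptions.

```php
<?php
// Added example, not from the slides. PAGE_DIR and the page names are assumed.

// Vulnerable pattern from slides 6 and 8: the request value reaches include()
// unchanged, so ../../etc/passwd or a remote URL is loaded by the server.
//     include($_GET['page']);

const PAGE_DIR = __DIR__ . '/pages';   // assumed directory holding page templates
const PAGES = [                        // allowlist: request value => file name
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

/**
 * Map the untrusted ?page= value to a file under PAGE_DIR.
 * Returns the canonical path, or null when the request must be refused.
 */
function resolve_page(string $requested): ?string
{
    // 1. Accept only exact allowlist keys; the request value never becomes a path.
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    // 2. Defence in depth: canonicalise and confirm the file sits inside PAGE_DIR
    //    (catches symlinks or a mistyped allowlist entry pointing elsewhere).
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGES[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// ?page[]=x arrives as an array, so check the type before resolving.
$page = $_GET['page'] ?? 'home';
$file = is_string($page) ? resolve_page($page) : null;

if ($file === null) {
    http_response_code(404);
    exit('Page not found');
}
include $file;
```

Keeping `allow_url_include = Off` in php.ini (the PHP default) additionally stops `include()` from fetching remote URLs.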
