h0h0h0h0 Dan Kaminsky Director of Penetration Testing IOActive, Inc. copyright IOActive, Inc. 2006, all rights reserved.
H0h0h0h0?
Typos.
Typosquatting
The New Era Of Typosquatting
The Problem: They’re Spoofing Subdomains Too.
Intent
This Should Seem Familiar
Parent Of Son Of Sitefinder Returns!
Times Square Effect: Told Ya
But What About Trademark Law?
Beautiful Synchrony
Injection
If?
Welcome to Barefruit.
They’re Not Alone
Now, this is only a subdomain…what can you really do with a subdomain?
Cookie Grab (Pre)
Cookie Grab (Post)
Can Also Fake Subdomains
Fake Site (pre)
Fake Site (Post)
Fake Site (Post2)
But That’s Just Not Enough
Choosing The Demo
H0h0h0h0…and it ain’t just Facebook
MySpace
.Mac
Apple
Microsoft
Ebay
ToorCon
FOX NEWS
The Associated Press
In Case You’re Curious
Coming Clean
So Now What
Conclusions

ISP Network Analyzing Tactics