SlideShare a Scribd company logo
1 of 47
Download to read offline
Hacking
The Dark Arts
1Wednesday, February 4, 2009
About Speaker
Speaker @ JavaOne, NFJS, Devcon, Borcon
Sun Certified Java 2 Architect.
Instructor for VisiBroker for Java, OOAD, Rational Rose,
and Java Development.
JBoss Certified Developer
Professor - Sipe
2Wednesday, February 4, 2009
Agenda
Security Landscape
Hacking Philosophy
– The Sorting Hat
Information Gathering
– Information leak
– Finding the exploits
Security Threats
– Brute Force
– XSS
– SQL Injection
Dos and Don’ts
Summary
3Wednesday, February 4, 2009
Security Statistics
Gartner
– 75% of all attacks are directed at the web application layer
– 2/3 of all web applications are vulnerable
– 80% of organizations will experience an application security
incident by 2010
IBM
– 10% of IT dollars are spent on web application security
Mitre
– XSS and SQL Injection are #1 and #2 reported
vulnerabilities
4Wednesday, February 4, 2009
Alarming Truth
“Approximately 100 million Americans have been
informed that they have suffered a security breach so
this problem has reached epidemic proportions.”
– Jon Oltsik – Enterprise Strategy Group
“Up to 21,000 loan clients may have had data exposed”
– Marcella Bombardieri, Globe Staff/August 24, 2006
“Personal information stolen from 2.2 million active-duty
members of the military, the government said…”
– New York Times/June 7, 2006
“Hacker may have stolen personal identifiable
information for 26,000 employees..”
– ComputerWorld, June 22, 2006
5Wednesday, February 4, 2009
High Level Application Architecture
6Wednesday, February 4, 2009
Top 07 Security Issues
7Wednesday, February 4, 2009
Hacking Philosophy
8Wednesday, February 4, 2009
Sorting Hat
Black hat
– Has the advantage
Grey hat
White hat
– Threat Modeling
9Wednesday, February 4, 2009
Black Hatters
Script Kiddies
Disgruntled Employees
Whackers
Software Crackers
Cyber Criminals
System Hackers
10Wednesday, February 4, 2009
Black Hat Approach
Information Gathering
– Sometimes targeted on a “client”
– Sometimes targeting a vulnerability
Scanning
– Network mapping
– Ports
Gaining Access
Elevate Privileges
Cover Tracks
11Wednesday, February 4, 2009
White Hat Approach
Assess
– Threat Modeling
Policies
Implement / Train
Audit
12Wednesday, February 4, 2009
Security Consequences
Security
Usability
low
high
low high
13Wednesday, February 4, 2009
Black Hat Principles
Inside Out Access
Most People
– Like free stuff!
– Are curious
– Are not security savvy
– Choose usability over security
– Choose performance over security
Expense
– Too costly to secure everything
14Wednesday, February 4, 2009
Hacker
John Draper – “Captain Crunch”
– Toy whistle provides free long distance calling
15Wednesday, February 4, 2009
Information Gathering
Determine Target
– Looking for a opportunity
• Sans.org
• or …
– Targeting a “customer”
Google Magic
16Wednesday, February 4, 2009
Google Advanced Operators
Cache:
Info:
Intext:
Intitle:
Inurl:
Link:
Filetype
:
Site:
…
Looking for a cgi opportunity
– allinurl:/index.cgi
Looking for 2000 IIS 5?
– “Microsoft-IIS/5.0 server at” intitle:index.of
Apache Tomcat
– "Apache Tomcat/" intitle:index.of
Specific Version of Apache
– “Apache/2.0.45 server at” intitle:index.of
Password anyone
– inurl:config.php dbuname dbpass
– “Welcome to phpMyAdmin” “Create new database”
Perhaps you’re only looking for the government
– Site:gov
– site:mil filetype:xls "attendance"
http://www.googleguide.com/advanced_operators.html
17Wednesday, February 4, 2009
Trolling for Users
"@gmail.com" -www.gmail.com
filetype:reg intext:"internet account manager“
filetype:xls inurl:”email.xls”
inurl:admin inurl:userlist
"index of" lck + intext:webalizer + intext:Total
Usernames + intext:"Usage Statistics for“
filetype:reg reg HKEY_CURRENT_USER username
18Wednesday, February 4, 2009
Trolling for Passwords
filetype:htpasswd htpasswd
– HTTP htpasswd
"http://*:*@www" pmjones:
– HTTP htpasswd
filetype:config config intext:appSettings "User ID“
– .Net app credentials
intitle:”index of” intext:connect.inc
intitle:”index of” intext:globals.inc
– MySQL
filetype:ini inurl:ws_ftp
filetype:inc intext:mysql_connect
– Php / mysql
19Wednesday, February 4, 2009
Network Mapping
site:google.com -www.google.com
– Dns lookup… or ping
Looking for admins
– Ip search
– Whois
Easy Way
– http://toolbar.netcraft.com/site_report
20Wednesday, February 4, 2009
Targeting
http://secunia.com/product/4021/?task=advisories_2004
– Issue with CubeCart 2.0.1
– Issue reported 10-10-2004
Google search: "Powered by CubeCart 2.0.1“
– 16,400 hits 02-13-2008
21Wednesday, February 4, 2009
Hacker
Captain Midnight – John MacDougall
– Knocked HBO off the air for 4 ½ hours
22Wednesday, February 4, 2009
Parameter Tampering
23Wednesday, February 4, 2009
Brute Force
Automated Trial and Error
24Wednesday, February 4, 2009
Cross Site Scripting (XSS)
Malicious script echoed back in browser
Consequence:
– Internet Worm
• MySpace
• Meebo
– Session Tokens stolen
– Future surfing compromised
25Wednesday, February 4, 2009
XSS Testing
Submit a simple <script>alert(document.cookie)</
script> to a web page
If alert pops, life is good!
– Or bad
• Just depends on if you’re a white hat or black hat 
26Wednesday, February 4, 2009
XSS Details
Common
– Search
– Error Pages
– Returned Forms
Aiding Technologies
– AJAX
– Flash
– IFrame
27Wednesday, February 4, 2009
XSS – The Exploit
1. Link to Account
in email
2. Embedded script
Sent to target
3. Script executed on client
browser
4. Script provides cookie
and session data
5. Hacker users credentials
28Wednesday, February 4, 2009
XSS Testing
29Wednesday, February 4, 2009
Cookie Poison
30Wednesday, February 4, 2009
SQL Injection Discovery
Username: ‘
Password: a
31Wednesday, February 4, 2009
SQL Inject Errors
32Wednesday, February 4, 2009
SQL Inject Yourself In…
Username: access' or 1=1 --
Password: a
33Wednesday, February 4, 2009
SQL Inject Yourself In
34Wednesday, February 4, 2009
SQL Inject Answers from Errors
' having 1=1 --
' group by login.primarykey having 1=1 --
' union select min(username),1,1,1,1 from login
where username > 'a'--
35Wednesday, February 4, 2009
SQL Injection: Want a Password?
'union select min(password),1,1,1,1 from login
where username = 'ab***ilr'--
36Wednesday, February 4, 2009
Insecure Directory
Remote Machine Details
37Wednesday, February 4, 2009
Failure to Restrict URL
This would be fine if it were
an admin 
38Wednesday, February 4, 2009
Hacker
Nick Jacobsen
– Paris Hilton Phone Pictures
• SQL Injection or
• Password Recovery
39Wednesday, February 4, 2009
Trojans
Beast
+
Tutorial:
http://www.youtube.com/watch?v=KjbjPVG0BPU&feature=related
40Wednesday, February 4, 2009
Hiding your stuff
GooScan
– Not Google Approved 
41Wednesday, February 4, 2009
Dos & Don’ts
Don’t
– Use Magic URL and Hidden fields for
private data
– Use Security by ignorance
– Rely on secrecy of the scheme
– Reveal Passwords to User
– Use Cookies for private data
– Trust the client for anything
• Cookie expiration
Do
– Tighten Security
– Use Security Appliances
• Watchfire
– Rely on secrecy of a set of keys
– Tighten Passwords
– Develop a policy
– Enforce time limits on authenticators
– Security Reviews
42Wednesday, February 4, 2009
Hacker
Adrian Lamo – “Homeless Hacker”
– Hacked
• NY Times
• MSFT
• NBC
43Wednesday, February 4, 2009
Resources
Must watch program
– http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar
Vulnerability and exploit info
– www.cert.org
– http://www.owasp.org/index.php/Top_10_2007
– http://seclists.org/
Tools
– http://www.elhacker.net/hacking-programas-hack.htm
– http://www.tahribat.com/doc.asp?docid=87
Security Policy
– http://www.sans.org/resources/policies/
44Wednesday, February 4, 2009
Links
http://xss-proxy.sourceforge.net/
Advanced_XSS_Control.txt
45Wednesday, February 4, 2009
Summary
 It’s a Scary World!
 White Hats are always on the defense
 Obtain skills in Defense against the
Dark Arts
 And Good Luck!
46Wednesday, February 4, 2009
Questions
 Please Fill Out Surveys
kensipe@gmail.com
twitter: kensipe
blog: kensipe.blogspot.com
47Wednesday, February 4, 2009

More Related Content

What's hot

Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training -  Passive Information Gathering(OSINT)Practical White Hat Hacker Training -  Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)PRISMA CSI
 
Phish training final
Phish training finalPhish training final
Phish training finalJen Ruhman
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringTom Eston
 
OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!Nutan Kumar Panda
 
Online Netiquette
Online NetiquetteOnline Netiquette
Online NetiquetteZoro18
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Sudhanshu Chauhan
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceDeep Shankar Yadav
 
Online safety, security, ethics & etiquette
Online safety, security, ethics & etiquetteOnline safety, security, ethics & etiquette
Online safety, security, ethics & etiquetteAngelito Quiambao
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsOlakanmi Oluwole
 
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...EC-Council
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security SeminarJeremy Quadri
 
OSINT using Twitter & Python
OSINT using Twitter & PythonOSINT using Twitter & Python
OSINT using Twitter & Python37point2
 
The most dangerous places on the web
The most dangerous places on the webThe most dangerous places on the web
The most dangerous places on the webJoel May
 
Harbin clinic iot-mobile-no-vid
Harbin clinic iot-mobile-no-vidHarbin clinic iot-mobile-no-vid
Harbin clinic iot-mobile-no-vidErnest Staats
 

What's hot (15)

Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training -  Passive Information Gathering(OSINT)Practical White Hat Hacker Training -  Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
 
Phish training final
Phish training finalPhish training final
Phish training final
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence Gathering
 
OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!
 
Online Netiquette
Online NetiquetteOnline Netiquette
Online Netiquette
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligence
 
Online safety, security, ethics & etiquette
Online safety, security, ethics & etiquetteOnline safety, security, ethics & etiquette
Online safety, security, ethics & etiquette
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigations
 
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security Seminar
 
OSINT using Twitter & Python
OSINT using Twitter & PythonOSINT using Twitter & Python
OSINT using Twitter & Python
 
The most dangerous places on the web
The most dangerous places on the webThe most dangerous places on the web
The most dangerous places on the web
 
Harbin clinic iot-mobile-no-vid
Harbin clinic iot-mobile-no-vidHarbin clinic iot-mobile-no-vid
Harbin clinic iot-mobile-no-vid
 
Maltego
MaltegoMaltego
Maltego
 

Viewers also liked

Creacion de shellcodes para Exploits en Linux/x86
Creacion de shellcodes para Exploits en Linux/x86 Creacion de shellcodes para Exploits en Linux/x86
Creacion de shellcodes para Exploits en Linux/x86 Internet Security Auditors
 
Design and Implementation of Shellcodes.
Design and Implementation of Shellcodes.Design and Implementation of Shellcodes.
Design and Implementation of Shellcodes.Sumutiu Marius
 
Reverse engineering - Shellcodes techniques
Reverse engineering - Shellcodes techniquesReverse engineering - Shellcodes techniques
Reverse engineering - Shellcodes techniquesEran Goldstein
 
One Shellcode to Rule Them All: Cross-Platform Exploitation
One Shellcode to Rule Them All: Cross-Platform ExploitationOne Shellcode to Rule Them All: Cross-Platform Exploitation
One Shellcode to Rule Them All: Cross-Platform ExploitationQuinn Wilton
 
Shellcode injection
Shellcode injectionShellcode injection
Shellcode injectionDhaval Kapil
 
Cisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-oneCisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-oneDefconRussia
 
Netcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaNetcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaRaghunath G
 
Manual de integración de Latch en Mosquito MQTT Broker
Manual de integración de Latch en Mosquito MQTT BrokerManual de integración de Latch en Mosquito MQTT Broker
Manual de integración de Latch en Mosquito MQTT BrokerTelefónica
 

Viewers also liked (11)

Creacion de shellcodes para Exploits en Linux/x86
Creacion de shellcodes para Exploits en Linux/x86 Creacion de shellcodes para Exploits en Linux/x86
Creacion de shellcodes para Exploits en Linux/x86
 
Design and Implementation of Shellcodes.
Design and Implementation of Shellcodes.Design and Implementation of Shellcodes.
Design and Implementation of Shellcodes.
 
Shellcode mastering
Shellcode masteringShellcode mastering
Shellcode mastering
 
Exploitation
ExploitationExploitation
Exploitation
 
Reverse engineering - Shellcodes techniques
Reverse engineering - Shellcodes techniquesReverse engineering - Shellcodes techniques
Reverse engineering - Shellcodes techniques
 
One Shellcode to Rule Them All: Cross-Platform Exploitation
One Shellcode to Rule Them All: Cross-Platform ExploitationOne Shellcode to Rule Them All: Cross-Platform Exploitation
One Shellcode to Rule Them All: Cross-Platform Exploitation
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Shellcode injection
Shellcode injectionShellcode injection
Shellcode injection
 
Cisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-oneCisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-one
 
Netcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaNetcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beema
 
Manual de integración de Latch en Mosquito MQTT Broker
Manual de integración de Latch en Mosquito MQTT BrokerManual de integración de Latch en Mosquito MQTT Broker
Manual de integración de Latch en Mosquito MQTT Broker
 

Similar to The Dark Arts of Hacking.

Presentation
PresentationPresentation
PresentationMohd Arif
 
Refugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on SecurityRefugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on SecurityGianluca Varisco
 
Tisa-Social Network and Mobile Security
Tisa-Social Network and Mobile SecurityTisa-Social Network and Mobile Security
Tisa-Social Network and Mobile SecurityPrathan Phongthiproek
 
Social and mobile tisa protalk 2 2554
Social and mobile tisa protalk 2 2554Social and mobile tisa protalk 2 2554
Social and mobile tisa protalk 2 2554TISA
 
TriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsTriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsYury Chemerkin
 
Development Processes
Development ProcessesDevelopment Processes
Development Processessblom
 
Hunt for the red DA
Hunt for the red DAHunt for the red DA
Hunt for the red DANeil Lines
 
Zoom: Privacy and Security - A case study
Zoom: Privacy and Security - A case studyZoom: Privacy and Security - A case study
Zoom: Privacy and Security - A case studyAdri Jovin
 
Managing and Securing Web 2.0
Managing and Securing Web 2.0Managing and Securing Web 2.0
Managing and Securing Web 2.0Jason Edelstein
 
CCNA_Security_01.ppt
CCNA_Security_01.pptCCNA_Security_01.ppt
CCNA_Security_01.pptveracru1
 
Network security
Network securityNetwork security
Network securitymena kaheel
 
Defending Against the Dark Arts of LOLBINS
Defending Against the Dark Arts of LOLBINS Defending Against the Dark Arts of LOLBINS
Defending Against the Dark Arts of LOLBINS Brent Muir
 
Wie Sie Ransomware aufspüren und was Sie dagegen machen können
Wie Sie Ransomware aufspüren und was Sie dagegen machen könnenWie Sie Ransomware aufspüren und was Sie dagegen machen können
Wie Sie Ransomware aufspüren und was Sie dagegen machen könnenSplunk
 
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
 هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme... هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...M Mehdi Ahmadian
 

Similar to The Dark Arts of Hacking. (20)

Presentation
PresentationPresentation
Presentation
 
Refugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on SecurityRefugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on Security
 
Tisa-Social Network and Mobile Security
Tisa-Social Network and Mobile SecurityTisa-Social Network and Mobile Security
Tisa-Social Network and Mobile Security
 
Social and mobile tisa protalk 2 2554
Social and mobile tisa protalk 2 2554Social and mobile tisa protalk 2 2554
Social and mobile tisa protalk 2 2554
 
Tisa social and mobile security
Tisa social and mobile securityTisa social and mobile security
Tisa social and mobile security
 
TriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsTriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingTools
 
Development Processes
Development ProcessesDevelopment Processes
Development Processes
 
Hunt for the red DA
Hunt for the red DAHunt for the red DA
Hunt for the red DA
 
Zoom: Privacy and Security - A case study
Zoom: Privacy and Security - A case studyZoom: Privacy and Security - A case study
Zoom: Privacy and Security - A case study
 
internet
internetinternet
internet
 
Managing and Securing Web 2.0
Managing and Securing Web 2.0Managing and Securing Web 2.0
Managing and Securing Web 2.0
 
how_to_get_into_infosec
how_to_get_into_infosechow_to_get_into_infosec
how_to_get_into_infosec
 
CCNA_Security_01.ppt
CCNA_Security_01.pptCCNA_Security_01.ppt
CCNA_Security_01.ppt
 
Network security
Network securityNetwork security
Network security
 
Digital Self Defense (RRLC version)
Digital Self Defense (RRLC version)Digital Self Defense (RRLC version)
Digital Self Defense (RRLC version)
 
Defending Against the Dark Arts of LOLBINS
Defending Against the Dark Arts of LOLBINS Defending Against the Dark Arts of LOLBINS
Defending Against the Dark Arts of LOLBINS
 
News Bytes June 2012
News Bytes June 2012News Bytes June 2012
News Bytes June 2012
 
Wie Sie Ransomware aufspüren und was Sie dagegen machen können
Wie Sie Ransomware aufspüren und was Sie dagegen machen könnenWie Sie Ransomware aufspüren und was Sie dagegen machen können
Wie Sie Ransomware aufspüren und was Sie dagegen machen können
 
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
 هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme... هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
 
Cyber Safety 101
Cyber Safety 101Cyber Safety 101
Cyber Safety 101
 

More from Sumutiu Marius

Dragonfly: Cyberespionage Attacks Against Energy Suppliers
Dragonfly: Cyberespionage Attacks Against Energy SuppliersDragonfly: Cyberespionage Attacks Against Energy Suppliers
Dragonfly: Cyberespionage Attacks Against Energy SuppliersSumutiu Marius
 
Stratfor Forensic Hack Investigation - Verizon
Stratfor Forensic Hack Investigation - VerizonStratfor Forensic Hack Investigation - Verizon
Stratfor Forensic Hack Investigation - VerizonSumutiu Marius
 
Shellcode Disassembling - Reverse Engineering
Shellcode Disassembling - Reverse EngineeringShellcode Disassembling - Reverse Engineering
Shellcode Disassembling - Reverse EngineeringSumutiu Marius
 
Hacking Web Aplications using Cookie Poisoning
Hacking Web Aplications using Cookie PoisoningHacking Web Aplications using Cookie Poisoning
Hacking Web Aplications using Cookie PoisoningSumutiu Marius
 
BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.Sumutiu Marius
 
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.Sumutiu Marius
 

More from Sumutiu Marius (6)

Dragonfly: Cyberespionage Attacks Against Energy Suppliers
Dragonfly: Cyberespionage Attacks Against Energy SuppliersDragonfly: Cyberespionage Attacks Against Energy Suppliers
Dragonfly: Cyberespionage Attacks Against Energy Suppliers
 
Stratfor Forensic Hack Investigation - Verizon
Stratfor Forensic Hack Investigation - VerizonStratfor Forensic Hack Investigation - Verizon
Stratfor Forensic Hack Investigation - Verizon
 
Shellcode Disassembling - Reverse Engineering
Shellcode Disassembling - Reverse EngineeringShellcode Disassembling - Reverse Engineering
Shellcode Disassembling - Reverse Engineering
 
Hacking Web Aplications using Cookie Poisoning
Hacking Web Aplications using Cookie PoisoningHacking Web Aplications using Cookie Poisoning
Hacking Web Aplications using Cookie Poisoning
 
BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.
 
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.
 

Recently uploaded

Mary Meeker Internet Trends Report for 2019
Mary Meeker Internet Trends Report for 2019Mary Meeker Internet Trends Report for 2019
Mary Meeker Internet Trends Report for 2019Eric Johnson
 
如何办理朴茨茅斯大学毕业证书学位证书成绩单?
如何办理朴茨茅斯大学毕业证书学位证书成绩单?如何办理朴茨茅斯大学毕业证书学位证书成绩单?
如何办理朴茨茅斯大学毕业证书学位证书成绩单?krc0yvm5
 
overview of Virtualization, concept of Virtualization
overview of Virtualization, concept of Virtualizationoverview of Virtualization, concept of Virtualization
overview of Virtualization, concept of VirtualizationRajan yadav
 
Tungsten Webinar: v6 & v7 Release Recap, and Beyond
Tungsten Webinar: v6 & v7 Release Recap, and BeyondTungsten Webinar: v6 & v7 Release Recap, and Beyond
Tungsten Webinar: v6 & v7 Release Recap, and BeyondContinuent
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
 
Benefits of Fiber Internet vs. Traditional Internet.pptx
Benefits of Fiber Internet vs. Traditional Internet.pptxBenefits of Fiber Internet vs. Traditional Internet.pptx
Benefits of Fiber Internet vs. Traditional Internet.pptxlibertyuae uae
 
Generalities about NFT , as a new technology
Generalities about NFT , as a new technologyGeneralities about NFT , as a new technology
Generalities about NFT , as a new technologysoufianbouktaib1
 
Google-Next-Madrid-BBVA-Research inv.pdf
Google-Next-Madrid-BBVA-Research inv.pdfGoogle-Next-Madrid-BBVA-Research inv.pdf
Google-Next-Madrid-BBVA-Research inv.pdfMaria Adalfio
 
SQL Server on Azure VM datasheet.dsadaspptx
SQL Server on Azure VM datasheet.dsadaspptxSQL Server on Azure VM datasheet.dsadaspptx
SQL Server on Azure VM datasheet.dsadaspptxJustineGarcia32
 
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...hasimatwork
 

Recently uploaded (10)

Mary Meeker Internet Trends Report for 2019
Mary Meeker Internet Trends Report for 2019Mary Meeker Internet Trends Report for 2019
Mary Meeker Internet Trends Report for 2019
 
如何办理朴茨茅斯大学毕业证书学位证书成绩单?
如何办理朴茨茅斯大学毕业证书学位证书成绩单?如何办理朴茨茅斯大学毕业证书学位证书成绩单?
如何办理朴茨茅斯大学毕业证书学位证书成绩单?
 
overview of Virtualization, concept of Virtualization
overview of Virtualization, concept of Virtualizationoverview of Virtualization, concept of Virtualization
overview of Virtualization, concept of Virtualization
 
Tungsten Webinar: v6 & v7 Release Recap, and Beyond
Tungsten Webinar: v6 & v7 Release Recap, and BeyondTungsten Webinar: v6 & v7 Release Recap, and Beyond
Tungsten Webinar: v6 & v7 Release Recap, and Beyond
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
Benefits of Fiber Internet vs. Traditional Internet.pptx
Benefits of Fiber Internet vs. Traditional Internet.pptxBenefits of Fiber Internet vs. Traditional Internet.pptx
Benefits of Fiber Internet vs. Traditional Internet.pptx
 
Generalities about NFT , as a new technology
Generalities about NFT , as a new technologyGeneralities about NFT , as a new technology
Generalities about NFT , as a new technology
 
Google-Next-Madrid-BBVA-Research inv.pdf
Google-Next-Madrid-BBVA-Research inv.pdfGoogle-Next-Madrid-BBVA-Research inv.pdf
Google-Next-Madrid-BBVA-Research inv.pdf
 
SQL Server on Azure VM datasheet.dsadaspptx
SQL Server on Azure VM datasheet.dsadaspptxSQL Server on Azure VM datasheet.dsadaspptx
SQL Server on Azure VM datasheet.dsadaspptx
 
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...
 

The Dark Arts of Hacking.