Ethical hacking for fun and profit

Describes ethical hacking, why it's fun to learn, and how it is a land of possibility for making business.

Published in: Technology

  1. SUMMARY • ETHICAL HACKING • SECURITY AS A WAY TO LEARN • IMAGE VS REALITY • HACKER MINDSET • THE REAL FULLSTACK • WHERE TO BEGIN • SECURITY AS A WAY TO MAKE BUSINESS • CURRENT STATUS • OFFENSIVE SECURITY SERVICES • DEFENSIVE SECURITY SERVICES • DEV SEC OPS • Join the IT Security
  2. WHO THE HELL ARE YOU? • BATARD FLORENT @SHENRIL • HTTP://CODE-ARTISAN.IO • FRENCH • DEVELOPER & SECURITY ENGINEER FOR 10 YEARS (FRANCE, SWITZERLAND, USA, JAPAN) • TRY TO MIX THE DEVOPS TRENDS WITH SECURITY
  3. ETHICAL HACKING • HACKING WITH A SENSE OF RESPONSIBILITY • TRY TO IMPROVE THE OVERALL SECURITY AWARENESS SITUATION • TRY TO HELP THE PEOPLE REALLY BUILDING THE STUFF (REDTEAM/BLUETEAM) • ALSO REFERRED TO AS WHITE HAT • TRY TO MAKE BUILT-IN SECURITY THE EASIEST CHOICE YOU CAN MAKE
  4. SECURITY AS A WAY TO LEARN: SECURITY CAN BE FUN
  5. IMAGE: What is hacking to you?
  6. REALITY • STATE-SPONSORED CYBER ATTACKS • NSA-DEVELOPED ATTACKS MADE PUBLIC • VULNERABILITY BUSINESS (VUPEN, COSEINC) • ORGANIZED CRIME • DARKWEB • ECONOMIC ESPIONAGE • AND EVENTUALLY SOME LONELY GENIUSES DOING IT FOR THE FAME AND THE INTEL • THERE IS A MIDDLE GROUND • COMING TO MATURITY FOR SOME COMPANIES • LITTLE AWARENESS FROM THE PUBLIC ON WHAT'S REALLY POSSIBLE • TOOLS AND MEANS TO HACK GOT OPENED TO EVERYONE (METASPLOIT, LOIC, SCANNERS, SQLMAP)
  7. HACKER MINDSET • HACKER WAS THE TERM FOR CURIOUS PEOPLE WHO FOUND NEW WAYS TO USE TECHNOLOGIES • NEW WAYS OFTEN MEANT NOT PAYING FOR SOMETHING AND BECAME SECURITY RELATED • LOVE TO SOLVE PROBLEMS AND INVESTIGATE • LET'S DO THIS TODAY AND TAKE SOMETHING USUALLY PAINFUL TO MAKE IT YOUR STRENGTH
  8. THE REAL FULLSTACK • SECURITY IS THE MOST TRANSVERSAL DISCIPLINE IN I.T. • WEB / IOT / OS / MOBILE / CONTAINERS • FROM MEMORY (BUFFER OVERFLOW) TO UI (WEB XSS) • IT ALLOWS YOU TO DISCOVER A WIDE RANGE OF TECHNOLOGIES • LANGUAGES • FRAMEWORKS • SYSTEMS • NETWORKS
  9. WHERE TO BEGIN • TWO APPROACHES • BEGIN WITH WHAT YOU KNOW • TAKE YOUR BELOVED TECHNOLOGY • FIND THE SECURITY ASPECT OF IT • GO HACK YOURSELF • BEGIN WITH WHAT YOU WANT TO KNOW • BROWSE THE HACKING SCENE • INVESTIGATE AREAS YOU'RE INTERESTED IN • JOIN EVENTS OR CONTESTS (CTF) TO CHALLENGE YOURSELF
  10. WHAT CAN YOU DO • TONS OF RESOURCES FOR TOOLS ONLINE • SYSTEM HACKING: METASPLOIT, OPENVAS, NESSUS, GITHUB • NETWORK HACKING: CAIN&ABEL, WIRESHARK, SCAPY, NMAP, AIRCRACK • WEB HACKING: SQLMAP, WPSCAN, WPSEKU, BURP SUITE, OWASP ZAP, NIKTO, BEEF • REVERSE ENGINEERING: IDA PRO, HEX RAYS, CFF • PASSWORD CRACKING: HASHCAT, HYDRA, JOHN • SOCIAL ENGINEERING: MALTEGO, SET, USB KEYS, YOUR BALLS AND A PHONE • TRAIN TO HACK: • ONLINE CTF, SECURITY EVENTS, ONLINE CONTESTS • METASPLOITABLE 1/2/3, REGULAR WINDOWS XP • DAMN VULNERABLE LINUX, DAMN VULNERABLE WEBAPP • WEBGOAT, MUTILLIDAE
  11. METASPLOIT DEMO • SCAN A REMOTE MACHINE • EXPLOIT A REMOTE MACHINE • DISCOVER METERPRETER AND GO PARANOID
  12. SQLMAP DEMO • SCAN A REMOTE WEBSITE • TRY TO EXPLOIT PARAMETERS • DUMP THE DATABASE AND PASSWORDS
  13. STEPS TO ENLIGHTENMENT 1. LEARN THE TOOLS – REALLY! ATTACK PRACTICES, OPTIONS 2. LEARN THE CONCEPTS BEHIND THE TOOLS – NETWORK, OVERFLOW, INJECTIONS 3. LEARN THE TOOLS – HOW THEY DO IT 4. GO CTF AND JOIN A TEAM! 5. WRITE YOUR OWN TOOL, EXPLOIT CVE? 6. SELL YOUR HACK TO BUG BOUNTY
  14. SECURITY AS A WAY TO MAKE BUSINESS: SECURITY CAN BE GOOD BUSINESS
  15. CURRENT STATUS • AWARENESS IS STILL SHALLOW • THEY SENSE THE DANGER BUT DON'T ALWAYS KNOW HOW TO PREVENT IT OR IF THEY ARE VULNERABLE • MOST COMPANIES MISS THE BASIC HYGIENE ABOUT INFORMATION SECURITY • EXAMPLE: WANNACRY / PETYA / NOT-PETYA • VULNERABILITY DEVELOPED BY THE NSA • ETERNALBLUE MS17-010 • AVAILABLE IN METASPLOIT FOR FREE BOTH TO SCAN AND TO EXPLOIT • ONLY NEED AN UPDATE • JAPAN IS NOT A GOOD STUDENT ON THIS TOPIC AND IS QUITE FAR BEHIND • LITTLE ECOSYSTEM: ABOUT 5 EVENTS ON THE TOPIC • FEW PROFESSIONALS: THINKING OUTSIDE THE BOX IS PRETTY RARE • FEW BUSINESSES RELATED TO SECURITY: TRENDMICRO, LAC, KCCS, KDL • GOOD IN OPERATION BUT NOT IN R&D FOR SECURITY
  16. OFFENSIVE SECURITY SERVICES • SCAN OF VULNERABILITIES • APPLICATION SCANNING • INFRASTRUCTURE SCANNING • CHECK OF OPEN PORTS AND AUTHORIZATION ON RESOURCES (S3 BUCKETS, SSH, RIGHTS) • SOCIAL ENGINEERING CAMPAIGN: SEND FAKE EMAIL AND DO REPORTS • REAL SECURITY ASSESSMENT • LICENSE TO PWN: NEED TIGHT CONTRACT • GO FURTHER INTO SCANNING AND EXPLOITING • EXPLOIT UNTIL PROOF OF CORRUPTION: SCREENSHOTS, DATA • TRY TO STEAL DATA IN PERSON: THE CONMAN
  17. DEFENSIVE SECURITY SERVICES • AWARENESS • HTTPS://HAVEIBEENPWNED.COM/ • TEST THEIR DEFENSE: SEND PLACEBO VIRUS, SCAN OPEN PORTS FROM OUTSIDE • PACKAGE VULNERABILITY MAILING LIST: CVE COMES OUT, GET TAILORED EMAIL • REVIEW OF CONFIGS ON TOOLS / ENV: WAF, SECRETS, UNIX RIGHTS • DEVELOPERS • SECURITY CODE REVIEWS • SECURITY DEPENDENCIES: BRAKEMAN, APPCANARY • AUTOMATIC SCANNING OF VULNERABILITIES ON TEST ENV: VADDY • CREATE CHECKLIST FOR DEVELOPERS: ASVS
  18. STEP UP YOUR GAME • PROPOSE SECURITY OPTIONS TO YOUR CURRENT WORK • SECURITY MAINTENANCE • REGULAR SECURITY SCANS • THREAT INTELLIGENCE • PROPOSE SECURITY SOLUTIONS TO YOUR CLIENTS • CODE REVIEWS • PENETRATION TESTING • REGULAR / REAL-TIME SCANS • AWARENESS VERIFICATION • INCIDENT HANDLING • INTRODUCE TO SECURITY SOLUTIONS
  19. DEV SEC OPS • MAKE SECURITY THE EASIEST CHOICE TO MAKE • INTEGRATE INTO PIPELINES • USE RECIPES TO BUILD SECURITY • AUTOMATIC DEPENDENCY CHECK • AUTOMATIC KNOWN VULNERABILITY CHECK • UPDATE POLICY ON SECURITY EVENTS • WHAT OS VERSION DO YOU USE FOR PRODUCTION?
  20. JOIN SECURITY ECOSYSTEM • OWASP events worldwide, Kansai too • Security topics at your favorite events • DevSecOps practices • Podcasting and Blogging • Defensive Security Podcast • Troy Hunt • Exploit-db • IPA / CERT
  21. THANK YOU • FEEL FREE TO ASK QUESTIONS!
