Hack the Hackers 2012: Client Side Hacking – Targeting the User


Live Hacking demos by Sean Hanna - CISSP, CISM, GCIA, GCIH, CEH, CHFI, ECSA, LPT, EC-Council Security Instructor of the Year

Hack the Hackers is organized by New Horizons Bulgaria - the only EC-Council Accredited Training Center in Bulgaria.

More info: www.newhorizons.bg

Published in: Technology, Sports
  • Licensed Penetration Tester (LPT), EC-Council Certified Security Analyst (ECSA), Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH); Director at Nemstar - offering IT security, consultancy and training services in Ireland, the UK and Europe
  • Hack the Hackers 2012: Client Side Hacking – Targeting the User

    1. 1. HACK THE HACKERS 2012
    2. 2. About New Horizons: World’s largest IT training company since 2002 (IDC). Recognized among the world’s Top 20 IT training companies four out of four years (Trainingindustry.com). Deliver a full range of technical, application, and business skills training solutions: advanced technical solutions (Microsoft, IBM, CompTIA, Adobe, ITIL, and various Information Security offerings); desktop applications (Microsoft Project, Excel, Access, PowerPoint; Adobe Photoshop, Illustrator, InDesign); business skills (project management, practical selling skills, time management, effective presentations, etc.). Offer more courses, at more times, and in more locations than any other computer and business training company.
    3. 3. Partners
    4. 4. Customers
    5. 5. EC-Council Training: November 12th, 2012; November 19th, 2012. 2 of you will win a CEH voucher TODAY!
    6. 6. Special thanks to:
    7. 7. Sean Hanna: LPT, ECSA, CEH, CHFI, CISSP, CISM, CISA, GSEC, GCIA, GCIH; EC-Council Instructor of the Year 2007, 2008, 2010, 2011
    8. 8. Client Side Hacking – Targeting the User. Sean Hanna, EC-Council Security Instructor of the Year. June 7th, 2012
    9. 9. EC-Council
    10. 10. HACK! Client Side: The Next Target. Sean Hanna
    11. 11. Be scared, very scared… BOOMERANGS
    12. 12. EC-Council
    13. 13. EC-Council
    14. 14. Research is where it all starts… EC-Council
    15. 15. Vulnerabilities EC-Council
    16. 16. Weapons R&D: Finding the next vulnerability is highly technical; greatest challenge for coders; years of experience required; reverse engineering; zero-day attacks.
    17. 17. For Example… Wi-Fi Protected Setup is designed to ease the task of setting up and configuring security on wireless local area networks. It has many weaknesses. The External Registrar option does not require any kind of authentication apart from providing the PIN, so it is potentially vulnerable to brute-force attacks.
    18. 18. EC-Council
    19. 19. Exploits
    20. 20. Exploits EC-Council
    21. 21. The Exploits: “Delivery Method” Stack Overflow Heap Corruption Format String Integer Bugs Race Conditions Brute Forcing SQL Coding Unicode
    22. 22. For Example… Remote Code Buffer Overflows: a buffer overflow occurs when data written to a buffer, due to insufficient bounds checking, corrupts data values in memory addresses adjacent to the allocated buffer, and may allow remote code to be run. Microsoft DNS RPC Service extractQuotedChar() Overflow (TCP), MS07-029
    23. 23. EC-Council
    24. 24. EC-Council
    25. 25. Payloads EC-Council
    26. 26. The Payloads: Shells “Dangerous Weapon” Reverse Shells HTTP Reverse HTTP VNC Password Collector Visa Collector Bombs
    27. 27. For Example… A botnet is a collection of compromised computers, each of which is known as a bot, connected to the Internet. Shark Botnet Payload Botnet C&C Server
    28. 28. Demo: SHARK BOTNET
    29. 29. EC-Council
    30. 30. Frameworks EC-Council
    31. 31. Every attack requires coding: Assembly Language; C+ or C++; Perl; Ruby; Visual Basic; Java; .NET Framework. So it’s NOT easy!!!!
    32. 32. Exploit Lifecycle EC-Council
    33. 33. The Frameworks: There are various frameworks: Underground; Commercial. These are the engines of hacking.
    34. 34. Frameworks EC-Council
    35. 35. What would Dr Strangelove do next….
    36. 36. if you’ve got it then you might as well …
    37. 37. For Example… Metasploit: a well-known framework, a tool for developing and executing exploit code against a remote target machine. Contains many plug-ins. SET
    38. 38. EC-Council
    39. 39. THE END
    40. 40. OR IS IT…
    41. 41. Random Demos? Were these just 3 random demos, or was there something more behind them? Each of the demos targeted a client system. This is only the start of our story…
    42. 42. EC-Council
    43. 43. The Arms Race: The term arms race in its original usage describes a competition between two or more parties for military supremacy. Each party competes to produce larger numbers of weapons, greater armies, or superior military technology in a technological escalation. Source: Wiki
    44. 44. EC-Council
    45. 45. The Ingredients Of An Arms Race: A new technology that might have a use as a weapon; existing research in non-weapon areas; an accidental or deliberate demonstration of its potential; one government to use it against another; big business to see the chance of massive profits.
    46. 46. The Dawn of a New Era: We have just entered the dawn of a new era. Cyber Warfare is not the stuff of science fiction. Militaries around the world deploy Cyber Warfare weaponry on an hourly basis. The technology is in use in live operational theatres around the world.
    48. 48. This Time It’s Different: The human race has always been careful to control the availability of weapons. This time we can’t.
    49. 49. Cyber Weaponry: When a soldier leaves the army, you can take his gun off him. When a sailor leaves the navy, you can take his ship off him. When a pilot leaves the air force, you can take his plane off him.
    51. 51. RISK: Your job is managing Information RISK. The risk profile is constantly changing. New threats are constantly emerging. Everything is in a state of constant flux.
    52. 52. What Is About To Come Next.. EC-Council
    53. 53. Journey: Let me take you on a journey through hacking. From the start, through the years, to today. Then on towards the future. Let me share why things are about to change FOREVER.
    57. 57. Evolution: Hacking is continuing to evolve. If we understand how it has evolved, we might see how it will evolve in the future.
    58. 58. Timeline EC-Council
    59. 59. PHASE1
    60. 60. Hobbyist Hackers: C0mrade: hacked into NASA; downloaded the source code of the International Space Station; $1.7 million. Kevin Mitnick: most wanted computer criminal in U.S. history; breached the national defence system.
    61. 61. Hobbyist Hackers: Started the whole process; limited success; limited resources; limited skills.
    62. 62. PHASE2
    63. 63. Security Research Companies: HP Fortify: largest commercial research organization in the world; identified over 430 vulnerability categories across 18 programming languages; discovered two entirely new categories of vulnerabilities (JavaScript Hijacking and Cross-Build Injection).
    64. 64. PHASE3
    65. 65. Criminal Gangs: 431 million adults worldwide were victims of cyber crime last year (Norton Cyber Crime Report 2011). $388 billion is lost globally each year to cyber crime (Norton Cyber Crime Report 2011).
    66. 66. EC-Council
    67. 67. Criminal Gangs: Russian cybercriminals (Mafia Today): raked in over $4 billion in 2011; consolidated their efforts; organized crime groups are clamoring for a piece of the action; most lucrative form of Russian cybercrime last year was online fraud. “The cybercrime market originating from Russia costs the global economy billions of dollars every year,” Ilya Sachkov, Group-IB’s CEO
    68. 68. Criminal Gangs: Cyber crime costs the UK economy £27bn a year, the government has said: £21bn of costs to businesses; £2.2bn to government; £3.1bn to citizens. Security minister Baroness Neville-Jones said the government was determined to work with industry to tackle cyber crime.
    69. 69. Criminal Gangs: Took the process to the second stage; invested money to make money; professional career hackers; large budgets; large multi-skilled teams. Results in the production of commercial quality hacks: Crimeware is born.
    70. 70. Crimeware: Crimeware is a class of malware designed specifically to automate cybercrime. The term was coined by Peter Cassidy, Secretary General of the Anti-Phishing Working Group. Crimeware is said to have started around 2003. Crimeware has made rapid advancements in the last 9 years.
    71. 71. Crimeware Part 1: Advancement 1: Form-grabbing (spyware); Advancement 2: Anti-detection (stealth); Advancement 3: Web-injects (man-in-the-browser); Advancement 4: Expanded Target Support
    72. 72. Crimeware Part 2: Advancement 5: Source Code Availability/Release; Advancement 6: Mobile Device Support (man-in-the-mobile); Advancement 7: Anti-removal (persistence); Advancement 8: Commercialisation (market)
    73. 73. PHASE4
    74. 74. Cyber Warfare: “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption”; “the fifth domain of warfare”; “as critical to military operations as land, sea, air, and space”
    75. 75. Cyber Warfare - History: March 1999: Hackers in Serbia attack NATO systems in retaliation for NATO’s military intervention in Kosovo. May 1999: NATO accidentally bombs the Chinese embassy in Belgrade, spawning a wave of cyberattacks from China against U.S. government Web sites. 2003: Hackers begin a series of assaults on U.S. government computer systems that lasts for years. The government code names the attacks Titan Rain and eventually traces them to China. April-May 2007: Hackers believed to be linked to the Russian government bring down the Web sites of Estonia’s parliament, banks, ministries, newspapers and broadcasters. June-July 2008: Hundreds of government and corporate Web sites in Lithuania are hacked, and some are covered in digital Soviet-era graffiti, implicating Russian nationalist hackers. August 2008: Cyber attackers hijack government and commercial Web sites in Georgia during a military conflict with Russia. January 2009: Attacks shut down at least two of Kyrgyzstan’s four Internet service providers during political squabbling among Russia, the ruling Kyrgyzstan party and an opposition party. April 2009: An attack on neighboring Kazakhstan shuts down a popular news Web site.
    76. 76. US First Cyber Warfare General: The US military appointed its first senior general to direct cyber warfare – despite fears that the move marks another stage in the militarisation of cyberspace. The creation of Cyber Command is in response to increasing anxiety over the vulnerability of the US’s military and other networks to a cyber attack. The US air force discloses that some 30,000 of its troops had been re-assigned from technical support "to the frontlines of cyber warfare". May 2010 – The Guardian Newspaper UK
    77. 77. EC-Council
    78. 78. Cyber Warfare: A cyber attack by one state on another could be considered an "act of war", former top national security adviser (BBC News). William Hague: UK is under cyber-attack (BBC News)
    79. 79. White House warns of Cyber Warfare boomerangs: Unlike a bullet or missile fired at an enemy, a Cyber Weapon that spreads across the Internet may circle back accidentally to infect computers it was never supposed to target. The Homeland Security Department’s warning about the new virus, known as “Flame,” 3 Days ago – The White House
    80. 80. Germany prepares special unit to tackle cyber attack. BERLIN: Germany has prepared a special cyber warfare unit of its military to conduct offensive operations against computer hackers, who attack key installations or engage in espionage activities, the defence ministry has said. 36 Hours ago – Economic Times
    81. 81. The Government Wants You: Agencies need to hack clients; Al Qaeda operatives, for example. Millions have been spent in developing the next generation of client side hacking tools.
    82. 82. PHASE 5 EC-Council
    83. 83. PHASE 5 EC-Council
    84. 84. Questions and Answers. New Horizons Bulgaria, 36 Dragan Tsankov blvd., Interpred, block A, floor 6. Phone: +359 2 421 0040; Email: office@newhorizons.bg; Web: www.newhorizons.bg; Blog: newhorizons.bg/blog