Hacking WordPress... and countermeasures.


A beginner's intro to cybersecurity in a WordPress environment, showing how the hacking process works, with the Art of War as the driving theme. It also includes some examples to raise awareness of what can happen if we don't take care of this.
This talk was presented at WordCamp Osaka 2019.

  1. (title slide)
  2. Hacking WordPress & Countermeasures. NESTOR ANGULO DE UGARTE, WORDCAMP OSAKA 2019 #WCOSAKA
  3. Hello!
  4. Who I am
     - Computer Science Engineer & Technology consultant
     - Photographer & Early Adopter
     - Truly curious guy
     - 2015: SUCURI Incident Response & Easy SSL
     - 2019: GoDaddy Spain Interim Head of IT @ GoDaddy Spain
  5. Where are the Canary Islands
  6. About
     - Sucuri: Anaconda (No Securi / Security)
     - Website security
     - Fully remote (people from > 25 countries around the world)
     - 2008: Foundation
     - 2017: Proud part of the GoDaddy family
     - Free scanners:
       - Sitecheck (sitecheck.sucuri.net)
       - Performance (performance.sucuri.net)
  7. #WCOsaka2019 Nestor Angulo (@pharar)
  8. Concepts: GIVING CONTEXT
  9. DISCLAIMER. Any sensitive information has been protected/encrypted to preserve privacy. Any similarity with reality is a coincidence. I'm responsible for what I say, not for what you interpret. Always ask an expert.
  10. (image only)
  11. There are two kinds of companies: those that have been hacked, and those that don't yet know they have been hacked.
  12. HACKER vs Cyberterrorist
     - Hacker: Curious person who loves to go beyond limits or conventions.
     - Cyberterrorist / Cracker: Computer hacker whose intentions are always aligned with enriching himself in a zero-sum game situation. The bad guy.
  13. Hacker Hat Colours
     - Black Hat: Cyberterrorist, thief
     - Grey Hat: White Hat using illegal procedures
     - White Hat: Security analyst, ethical hacker
  14. Malware
     - Software intentionally designed to cause damage to a computer, client, or computer network.
     - Some types:
       - Backdoors, zero-day
       - Exploits
       - Trojan horses, Freemium plugins
       - Ransomware, Spyware
       - Adware, Scareware
  15. CyberSecurity & Web Security
     - Cybersecurity: Security in the digital world
     - Web Security: Field of Cybersecurity
       - Covers what happens through port 80 / 443
  16. FACTS
     - Site hacking is almost never client-oriented (98% of cases)
     - It almost always happens due to deficient monitoring / maintenance
     - An SSL certificate is not an anti-hacking shield
     - Patches & security updates almost always appear after hacking exploits
     - Errare Humanum Est (human beings fail)
     - Security never is (nor will be) 100% effective
  17. FACTS. Source: Website Hack Trend Report 2018 – sucuri.net
  18. The Art of War: IN THE MIND OF YOUR ENEMY
  19. Common Targets: Users info, Database, Website Content, Infrastructure, Bot Net, Reputation
  20. Know your weaknesses
     - You are your weakest point
       - You can be scammed
     - Passwords
       - Vulnerable to brute force attacks
     - Leftovers
       - Admin users
       - Outdated/vulnerable software
       - Enabled/Disabled not-in-use plugins/themes
     - Non-secure connection (avoid public wifi)
       - Vulnerable to Man-In-the-Middle attacks
  21. Hacking WordPress. The Process: Vulnerability -> Exploit -> Injection -> Final code (Backdoor, Spam / defacement, Bot node)
  22. Definitions
     - Vulnerability: Bug in the code or possibility of misuse that can be exploited to perform unauthorized actions within a computer system.
     - Exploit: Software that leverages a vulnerability
     - Backdoor: Malware which allows remote execution of code
  23. WPScan Vulnerability Database: wpvulndb.com
  24. Gallery of Horrors
  25. Defacements
  26. Defacements
  27. Example 1: Photographer Gallery
  28. (image only)
  29. (image only)
  30. Example 2: Pet food store
  31. (image only)
  32. (image only)
  33. Bonus
  34. (image only)
  35. DEFACEMENTS. Partial / full replacement of the website frontend. Very obvious. Easy detection: Users (hear them!), Scanners. Target: Awareness or social/political protest
  36. Black Hat SEO / Spam
  37. (image only)
  38. (image only)
  39. (image only)
  40. (image only)
  41. (image only)
  42. BLACK HAT SEO / SPAM. Spam/unwanted content on your site. Detection: Scanners (Easy), Users (hear them!), Search Engine warnings. Target: Your SEO and reputation
  43. DDoS Attacks / BotNets
  44. Definitions
     - DoS attack: Denial of Service. Overwhelmed application due to a huge amount of requests
     - DDoS attack: Distributed DoS
     - BotNet: Net of websites linked to act in a coordinated way. Has bot nodes and a bot master
  45. Normal, tending to calm
  46. (image only)
  47. (image only)
  48. BOTNETS, CRYPTOMINERS, DDOS. Affecting your infrastructure. Detection: Usually difficult; Strange use of resources; File Integrity Scanner; WAF recommended. Target: Your server's resources; Users' resources; Zombie node
  49. Countermeasures: REACTIVE AND PROACTIVE MEASURES
  50. Characters in the Story (if something happens)
     - You: Owner / Admins; Developer & Designer; Users/clients
     - Hosting Provider: Agent / C3; Support & Backups
     - Security Expert: Security department; External services
  51. Security in Layers
     - You (the weakest layer)
     - Your device (Antivirus)
     - Your connection (SSL)
     - Your website (WAF)
     - Your credentials (Strong Passwords / 2FA)
     - Your site security (monitor / updates)
     - Your server security (monitor / updates)
     - Your database (monitor)
     - Maintenance tasks
  52. Measures: Reactive vs Proactive
     - Reactive: When bad things have already happened. Pain mitigation
     - Proactive: Before anything bad happens. Risk mitigation
  53. Reactive measures
     - Scan your site:
       - Status: sitecheck.sucuri.net
       - Blacklist: virustotal.com
     - CRC: Check, Remove and Change
     - Update
     - Restore a backup
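As an added example (not from the talk) of the "File Integrity Scanner" detection in slide 48 and the "Check" step of the reactive measures above, a baseline-and-compare over a WordPress document root; the directory tree, file names and tampered contents are constructed for the demo and no real site is touched.

```python
"""Added example, not from the talk: a minimal file-integrity check for a
WordPress document root. All paths and files below are constructed."""
import hashlib
import os
import tempfile


def build_baseline(root):
    """Map each file under root (relative, '/'-separated) to its SHA-256."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            baseline[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return baseline


def compare(baseline, current):
    """Diff two snapshots: files that appeared, changed hash, or vanished."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline
                      if p in current and baseline[p] != current[p])
    return {"added": added, "modified": modified, "removed": removed}


def suspicious(report):
    """New or changed PHP under wp-content/uploads (a media directory) needs review."""
    return sorted(p for p in report["added"] + report["modified"]
                  if p.startswith("wp-content/uploads/") and p.endswith(".php"))


def demo():
    """Constructed scenario: clean snapshot, then a tampered core file and a dropped PHP file."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
        write("wp-config.php", "<?php define('DB_NAME', 'wp');\n")
        write("wp-includes/version.php", "<?php $wp_version = '5.2';\n")
        write("wp-content/uploads/2019/photo.jpg", "constructed image bytes")
        clean = build_baseline(root)  # snapshot taken while the site is known-good
        write("wp-includes/version.php", "<?php $wp_version = '5.2'; // tampered\n")
        write("wp-content/uploads/2019/photo.php", "<?php // unexpected file\n")
        report = compare(clean, build_baseline(root))
        return report, suspicious(report)
```

In practice the clean baseline is stored off the server (like the backups in slide 57), so an intruder who edits files cannot also rewrite the reference hashes.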
  54. (image only)
  55. Proactive measures
     - Reduce admins, plugins and themes
     - Backups
     - Updates
     - Invest in Hosting & Security
     - WAF
  56. The more Doors, the higher Risk. "To Caesar, what is Caesar's": admin stuff with the admin account, the rest with a limited account. The more admins, plugins and themes, the more risk (even when disabled). All users' passwords MUST be unique and strong (better with 2FA when possible). Applied to all layers (wp-admin, [S]FTP, cPanel, dashboard, db, …)
  57. BACKUPS
     - Have a backup strategy
       - NEVER store the backups on your production server
       - A clean and FUNCTIONAL backup will be your best friend on a bad day
  58. BACKUPS (same content as slide 57)
  59. Updates
     - PLUGINS
     - THEMES
     - CORE
     - PHP
     - APACHE / NGINX
     - SERVER
     - CPANEL / PLESK
     - …
  60. Updates. Source: Web Professional Security Survey 2019 – Sucuri.net
  61. Remember to Invest in: SECURITY, HOSTING
  62. Hosting
     - FIRST LAYER OF YOUR SITE'S DEFENSE
     - BALANCE BETWEEN PRICE AND FEATURES
     - THEY ARE IN CHARGE OF THE SERVER'S SERVICES, DATABASE AND MAINTENANCE
  63. Shared hosting vs dedicated
  64. Source: 2019 Sucuri survey of ecommerce owners.
  65. WAF: Your guard dog
     - FILTERS ALL YOUR WEB TRAFFIC
     - PROTECTS AGAINST XSS, DDOS, …
     - VIRTUALLY PATCHES WIDELY KNOWN SOFTWARE VULNERABILITIES
     - IF IT INCLUDES A CDN, IMPROVES YOUR SITE'S SPEED & PERFORMANCE
     - FORENSIC ANALYSIS TOOL
     - ALLOWS MANUAL BLOCKING
  66. WAF: Your guard dog (same content as slide 65)
  67. (image only)
  68. (image only)
  69. Thank you very much! Any questions? @pharar #WCOSAKA2019