Advertisement

“Can we deface your Web in 10 mins?” - Edu 3.4

eLearning Consortium 電子學習聯盟
eLearning Consortium 電子學習聯盟
Apr. 8, 2016
“Can we deface your Web in 10 mins?” - Edu 3.4
“Can we deface your Web in 10 mins?” - Edu 3.4
“Can we deface your Web in 10 mins?” - Edu 3.4
“Can we deface your Web in 10 mins?” - Edu 3.4
“Can we deface your Web in 10 mins?” - Edu 3.4
“Can we deface your Web in 10 mins?” - Edu 3.4
“Can we deface your Web in 10 mins?” - Edu 3.4
“Can we deface your Web in 10 mins?” - Edu 3.4
“Can we deface your Web in 10 mins?” - Edu 3.4
“Can we deface your Web in 10 mins?” - Edu 3.4
“Can we deface your Web in 10 mins?” - Edu 3.4
“Can we deface your Web in 10 mins?” - Edu 3.4
“Can we deface your Web in 10 mins?” - Edu 3.4
“Can we deface your Web in 10 mins?” - Edu 3.4
“Can we deface your Web in 10 mins?” - Edu 3.4

Check these out next

Hour of code computer science class
Hour of code computer science class
Holly Akers
Learning with Lenovo - Edu 3.4
Learning with Lenovo - Edu 3.4
eLearning Consortium 電子學習聯盟
(Open Hack Night Fall 2014) Hacking Tutorial
(Open Hack Night Fall 2014) Hacking Tutorial
James Griffin
Cara mendeface sebuah website
Cara mendeface sebuah website
yogigreat
Web hack & attacks
Web hack & attacks
Apurva Dhanwantri - CISA ,SCJP,C|EH, ISO/IEC 27001 LA,CPISI
Why java is important in programming language?
Why java is important in programming language?
NexSoftsys
Panduan Instalasi Android Studio
Panduan Instalasi Android Studio
Agus Haryanto
Teach your kids how to program with Python and the Raspberry Pi
Teach your kids how to program with Python and the Raspberry Pi
Juan Gomez
1 of 15

“Can we deface your Web in 10 mins?” - Edu 3.4

Apr. 8, 2016
Download to read offline
Education

知道創宇 資訊保安研究員 何寶麟先生

eLearning Consortium 電子學習聯盟
eLearning Consortium 電子學習聯盟
Advertisement
Advertisement
Advertisement

Recommended

WordPress for BeginnersWordPress for Beginners
WordPress for BeginnersBrad Williams2.1K views7 slides
WordPress Security 101 - WordCamp Nairobi 2019WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019stk_jj85 views28 slides
Modernize your existing teaching materials through Office 365Modernize your existing teaching materials through Office 365
Modernize your existing teaching materials through Office 365eLearning Consortium 電子學習聯盟716 views14 slides
“Performance Analytics and Assessment for Learning” - Edu 3.4“Performance Analytics and Assessment for Learning” - Edu 3.4
“Performance Analytics and Assessment for Learning” - Edu 3.4eLearning Consortium 電子學習聯盟482 views18 slides
“Learn the fundamental of programming with animals and robots” - Edu 3.4“Learn the fundamental of programming with animals and robots” - Edu 3.4
“Learn the fundamental of programming with animals and robots” - Edu 3.4eLearning Consortium 電子學習聯盟511 views16 slides
「有機上網」了,然後呢? - Edu 3.4「有機上網」了,然後呢? - Edu 3.4
「有機上網」了,然後呢? - Edu 3.4eLearning Consortium 電子學習聯盟411 views7 slides

More Related Content

Viewers also liked(20)

Hour of code computer science classHour of code computer science class
Hour of code computer science class
Holly Akers712 views
Learning with Lenovo - Edu 3.4Learning with Lenovo - Edu 3.4
Learning with Lenovo - Edu 3.4
eLearning Consortium 電子學習聯盟439 views
(Open Hack Night Fall 2014) Hacking Tutorial(Open Hack Night Fall 2014) Hacking Tutorial
(Open Hack Night Fall 2014) Hacking Tutorial
James Griffin433 views
Cara mendeface sebuah websiteCara mendeface sebuah website
Cara mendeface sebuah website
yogigreat954 views
Web hack & attacksWeb hack & attacks
Web hack & attacks
Apurva Dhanwantri - CISA ,SCJP,C|EH, ISO/IEC 27001 LA,CPISI1.7K views
Why java is important in programming language?Why java is important in programming language?
Why java is important in programming language?
NexSoftsys1.1K views
Panduan Instalasi Android StudioPanduan Instalasi Android Studio
Panduan Instalasi Android Studio
Agus Haryanto5.4K views
Teach your kids how to program with Python and the Raspberry PiTeach your kids how to program with Python and the Raspberry Pi
Teach your kids how to program with Python and the Raspberry Pi
Juan Gomez7.3K views
Belajar Android Studio Material Design Penggunaan RecyclerView dan Card ViewBelajar Android Studio Material Design Penggunaan RecyclerView dan Card View
Belajar Android Studio Material Design Penggunaan RecyclerView dan Card View
Agus Haryanto9.1K views
Android Sliding Menu dengan Navigation DrawerAndroid Sliding Menu dengan Navigation Drawer
Android Sliding Menu dengan Navigation Drawer
Agus Haryanto28.9K views
Kids Can CodeKids Can Code
Kids Can Code
eLearning Consortium 電子學習聯盟1.4K views
Belajar Android Studio Memberi Efek animasi pada ButtonBelajar Android Studio Memberi Efek animasi pada Button
Belajar Android Studio Memberi Efek animasi pada Button
Agus Haryanto12K views
Kenalan Dengan Firebase AndroidKenalan Dengan Firebase Android
Kenalan Dengan Firebase Android
Agus Haryanto7.5K views
Java basic introductionJava basic introduction
Java basic introduction
Ideal Eyes Business College2.7K views
Building Web Hack InterfacesBuilding Web Hack Interfaces
Building Web Hack Interfaces
Christian Heilmann1.5K views
Android Fast Track CRUD Android PHP MySqlAndroid Fast Track CRUD Android PHP MySql
Android Fast Track CRUD Android PHP MySql
Agus Haryanto28K views
How to Teach how to Code for kidsHow to Teach how to Code for kids
How to Teach how to Code for kids
eLearning Consortium 電子學習聯盟1.5K views
Deepweb and darkweb vinodkumar anchaDeepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar ancha
vinod kumar2.8K views
Belajar Android PHP MySQL Login dengan VolleyBelajar Android PHP MySQL Login dengan Volley
Belajar Android PHP MySQL Login dengan Volley
Agus Haryanto27.8K views
jQTouch – Mobile Web Apps with HTML, CSS and JavaScriptjQTouch – Mobile Web Apps with HTML, CSS and JavaScript
jQTouch – Mobile Web Apps with HTML, CSS and JavaScript
Philipp Bosch7.7K views

Similar to “Can we deface your Web in 10 mins?” - Edu 3.4(20)

Web 1.0, Web 2.0 and Digital PreservationWeb 1.0, Web 2.0 and Digital Preservation
Web 1.0, Web 2.0 and Digital Preservation
lisbk931 views
MS PowerPoint formatMS PowerPoint format
MS PowerPoint format
webhostingguy479 views
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real world
Madhu Akula1.5K views
Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...
Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...
Michael Pirnat3.5K views
Django �(Web Applications that are Secure by Default�)Django �(Web Applications that are Secure by Default�)
Django (Web Applications that are Secure by Default)
Kishor Kumar632 views
Penetration testing experience at the University of WorcesterPenetration testing experience at the University of Worcester
Penetration testing experience at the University of Worcester
Jisc1.1K views
How to fix a hacked site and harden June 2019How to fix a hacked site and harden June 2019
How to fix a hacked site and harden June 2019
Tim Plummer1.5K views
Web securityWeb security
Web security
kareem zock512 views
MS PowerPoint formatMS PowerPoint format
MS PowerPoint format
webhostingguy247 views
Advanced Site Studio Class, June 18, 2012Advanced Site Studio Class, June 18, 2012
Advanced Site Studio Class, June 18, 2012
Lee Klement1.9K views
Uweb Meeting Presentation - Website ExploitsUweb Meeting Presentation - Website Exploits
Uweb Meeting Presentation - Website Exploits
tamuwww1.2K views
WordPress Security EssentialsWordPress Security Essentials
WordPress Security Essentials
Angela Bowman945 views
Making the Web Fireproof: A Building Code for WebsitesMaking the Web Fireproof: A Building Code for Websites
Making the Web Fireproof: A Building Code for Websites
Dylan Wilbanks12.5K views
WordPress Security and Best PracticesWordPress Security and Best Practices
WordPress Security and Best Practices
Robert Vidal1.1K views
Thoughts on Defensive Development for SitecoreThoughts on Defensive Development for Sitecore
Thoughts on Defensive Development for Sitecore
PINT Inc3.1K views
Confidence webConfidence web
Confidence web
Dan Kaminsky11.3K views
USG Rock Eagle 2017 - PWP at 1000 DaysUSG Rock Eagle 2017 - PWP at 1000 Days
USG Rock Eagle 2017 - PWP at 1000 Days
Eric Sembrat135 views
Website Hacking and Preventive MeasuresWebsite Hacking and Preventive Measures
Website Hacking and Preventive Measures
Shubham Takode907 views
Page Experience Update SMX 2020 (Aleks Shklyar)Page Experience Update SMX 2020 (Aleks Shklyar)
Page Experience Update SMX 2020 (Aleks Shklyar)
Aleks (Aleksander) Shklyar189 views
Mr. Mohammed Aldoub - A case study of django web applications that are secur...Mr. Mohammed Aldoub - A case study of django web applications that are secur...
Mr. Mohammed Aldoub - A case study of django web applications that are secur...
nooralmousa484 views
Advertisement

More from eLearning Consortium 電子學習聯盟(20)

AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
eLearning Consortium 電子學習聯盟77 views
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
eLearning Consortium 電子學習聯盟387 views
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf
eLearning Consortium 電子學習聯盟38 views
1. How Data Analytics Transforming Digital Marketing - Saron Leung1. How Data Analytics Transforming Digital Marketing - Saron Leung
1. How Data Analytics Transforming Digital Marketing - Saron Leung
eLearning Consortium 電子學習聯盟73 views
HKTVMall: Leading Technology Evolution for eCommerce IndustryHKTVMall: Leading Technology Evolution for eCommerce Industry
HKTVMall: Leading Technology Evolution for eCommerce Industry
eLearning Consortium 電子學習聯盟358 views
How Blockchain affecting us - Dr Sin.pdfHow Blockchain affecting us - Dr Sin.pdf
How Blockchain affecting us - Dr Sin.pdf
eLearning Consortium 電子學習聯盟220 views
5-Hot-Chain Bento.pdf5-Hot-Chain Bento.pdf
5-Hot-Chain Bento.pdf
eLearning Consortium 電子學習聯盟83 views
4-Herbal ID.pdf4-Herbal ID.pdf
4-Herbal ID.pdf
eLearning Consortium 電子學習聯盟51 views
3-VisualSonic.pdf3-VisualSonic.pdf
3-VisualSonic.pdf
eLearning Consortium 電子學習聯盟58 views
2-kNOw Touch.pdf2-kNOw Touch.pdf
2-kNOw Touch.pdf
eLearning Consortium 電子學習聯盟58 views
1-C-POLAR Air Filter.pdf1-C-POLAR Air Filter.pdf
1-C-POLAR Air Filter.pdf
eLearning Consortium 電子學習聯盟154 views
3 - Interaction between Cyber Security and School IT Policy .pdf3 - Interaction between Cyber Security and School IT Policy .pdf
3 - Interaction between Cyber Security and School IT Policy .pdf
eLearning Consortium 電子學習聯盟86 views
2 - ELC學校網絡安全與防護.pdf2 - ELC學校網絡安全與防護.pdf
2 - ELC學校網絡安全與防護.pdf
eLearning Consortium 電子學習聯盟81 views
1 - HKT Reporting.pdf1 - HKT Reporting.pdf
1 - HKT Reporting.pdf
eLearning Consortium 電子學習聯盟69 views
02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。
02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。
eLearning Consortium 電子學習聯盟470 views
08 Transform Endpoint Security with the World’s Most Secure PCs and Printers08 Transform Endpoint Security with the World’s Most Secure PCs and Printers
08 Transform Endpoint Security with the World’s Most Secure PCs and Printers
eLearning Consortium 電子學習聯盟368 views
07 2020 網絡安全趨勢和安全小貼士07 2020 網絡安全趨勢和安全小貼士
07 2020 網絡安全趨勢和安全小貼士
eLearning Consortium 電子學習聯盟401 views
06 網絡安全挑戰與防衛06 網絡安全挑戰與防衛
06 網絡安全挑戰與防衛
eLearning Consortium 電子學習聯盟368 views
04 提升網絡安全 - 為電子學習打造先決條件04 提升網絡安全 - 為電子學習打造先決條件
04 提升網絡安全 - 為電子學習打造先決條件
eLearning Consortium 電子學習聯盟370 views
03 學校網絡安全與防衛03 學校網絡安全與防衛
03 學校網絡安全與防衛
eLearning Consortium 電子學習聯盟380 views

Recently uploaded(20)

PreK_Registration_2024.pdfPreK_Registration_2024.pdf
PreK_Registration_2024.pdf
JessicaMercure10 views
Electrical Meter Connection.pptxElectrical Meter Connection.pptx
Electrical Meter Connection.pptx
MelindaPerez130 views
AtomII.pptAtomII.ppt
AtomII.ppt
JervinEleydo10 views
CONFUCIANISM.pptxCONFUCIANISM.pptx
CONFUCIANISM.pptx
RachelleAnnVValdez10 views
Introduction to E Technoprenuer.pptxIntroduction to E Technoprenuer.pptx
Introduction to E Technoprenuer.pptx
Mywife150 views
A Look Back.pptxA Look Back.pptx
A Look Back.pptx
ShawieTablada0 views
IELTS Speaking part 2.pptxIELTS Speaking part 2.pptx
IELTS Speaking part 2.pptx
MonicaHernandez3050 views
glish.pptxglish.pptx
glish.pptx
ShawieTablada0 views
Algebra 1 _ LP_1.docxAlgebra 1 _ LP_1.docx
Algebra 1 _ LP_1.docx
Marjo DeLa Cruz0 views
Health Career PTHWAYSHealth Career PTHWAYS
Health Career PTHWAYS
GraceVMaeJayme10 views
CHAPTER 8 (SOCIAL AND POLITICAL STRATIFICATION).pptxCHAPTER 8 (SOCIAL AND POLITICAL STRATIFICATION).pptx
CHAPTER 8 (SOCIAL AND POLITICAL STRATIFICATION).pptx
JezzcelPiring0 views
TAOISM.pptxTAOISM.pptx
TAOISM.pptx
VincentAcapen0 views
workbook unit 7.pdfworkbook unit 7.pdf
workbook unit 7.pdf
DavidPintado100 views
ELTPR056-3-Break-Idioms ELTPR056-3-Break-Idioms
ELTPR056-3-Break-Idioms
Winn Trivette II 0 views
Presentation by idrees.pptxPresentation by idrees.pptx
Presentation by idrees.pptx
IdreesBharat0 views
CF prerecorded video.pdfCF prerecorded video.pdf
CF prerecorded video.pdf
QuangBinhNguyen50 views
Presenter-1-ACTION-RESEARCH-MADONNA-L.-SUA.pptPresenter-1-ACTION-RESEARCH-MADONNA-L.-SUA.ppt
Presenter-1-ACTION-RESEARCH-MADONNA-L.-SUA.ppt
ChristianJayLapinid0 views
1 _ RM_Dr Y. P. Singh.pptx1 _ RM_Dr Y. P. Singh.pptx
1 _ RM_Dr Y. P. Singh.pptx
SurajMishra3051860 views
University of London degree.pdfUniversity of London degree.pdf
University of London degree.pdf
lunabarajas8160 views
Mind Mapping Template.pptxMind Mapping Template.pptx
Mind Mapping Template.pptx
AsawariShiposkar10 views
Advertisement

“Can we deface your Web in 10 mins?” - Edu 3.4

  1. Knownsec Hong Kong  Can we deface your Web in 10 mins?
  2.  News Ref: http://hk.on.cc/hk/bkn/cnt/news/20150708/bkn-20150708133226995-0708_00822_001.html
  3.  News Ref: http://abcnews.go.com/US/ny-high-school-students-accused-hacking-computer-system/story?id=34617530
  4.  News Ref: http://www.appledaily.com.tw/realtimenews/article/new/20151024/718116/
  5.  Some Common Hacking Incidents •  Defacement •  Changing the look of the website – e.g. hackers break into into the web server and modify the content •  Stealing Information •  Getting some sensitive information (e.g. exam paper) because they are not properly protected Ref: https://www.pinoyhacknews.com/web-hacking-terms-what-is- website-defacedefacement
  6. •  Modifying Information •  E.g. Hackers break into the server / through websites vulnerability to modify the database content, like school grades •  Upload Trojan / Shell •  Hackers upload a backdoor to control the webserver, they can change website content, spread virus, make webserver as zombie, etc… •  Etc… Ref: http://vanish.org/t/images/bot1.jpg
  7.  Some Common Vulnerabilities •  SQL Injection •  A website vulnerability that allow hackers to input gain access to database or even execute commands, e.g. dump database, modify content, upload files •  Vulnerable Components •  Using some vulnerable software like outdated CMS, vuln version of Wordpress plugin, old web servers (e.g. webdav exploit)… Ref: http://imgs.xkcd.com/comics/exploits_of_a_mom.png
  8. •  Sensitive Files •  Important files are not properly protected, e.g. simply putting them to be internet accessible •  Weak Passwords •  Using weak password like 000000 and no brute force protection
  9.  Demo – Can we deface your Web in 10mins? •  There is a sample Educational Website
  10.  Can we deface your Web in 10mins? •  Hacking in progress… •  Browsing the website •  Finding vulnerabilities •  Uploading a shell… •  Defacing the homepage…
  11.  Can we deface your Web in 10mins? – Yes!!
  12.  What did the hacker do? •  Browsing the website •  Got interesting directories: /intranet •  Have to login? •  Got an interesting page: /intranet/fck.php using FKCEditor? •  Finding vulnerabilities •  Bypass login by SQL Injection… •  Misconfigured FCKEditor, a vulnerable component J •  Uploading a shell… •  A file that can control the website •  Defacing the homepage… •  Mission completed
  13.  Tips •  Do security assessment on your websites •  Websites vulnerabilities •  Servers configuration •  Apply countermeasures if necessary •  Improve security awareness •  Be aware of the news about the technology that the school is using •  Education
  14.  Contact •  Alan Ho •  alanho@knownsec.com
  15. Thank you!
Advertisement