Your SlideShare is downloading. ×

Get Rich or Die Trying - Black Hat 08072008

Jeremiah Grossman

•

Aug. 09, 2008

• •

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Get Rich or Die Trying
Making money on the Web, the black hat way

Get Rich or Die Trying - Black Hat 08072008

Get Rich or Die Trying - Black Hat 08072008

Next SlideShares

Upcoming SlideShare

Mo' Money Mo' Problems - Making even more money online the black hat way

Mo' Money Mo' Problems - Making even more money online the black hat way

Loading in …3

×

Check these out next

Ethical hacking with Python tools

Jose Manuel Ortega Candel

Black hat hackers

Course on Ehtical Hacking - Introduction

How To Become A Successful Hacker In Only 10 Years

Introduction To Ethical Hacking

ethical hacking in the modern times

пр Спроси эксперта про прогнозы ИБ

Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

Get Rich or Die Trying - Black Hat 08072008

Aug. 09, 2008

• •

Download to read offline

Business Technology

Forget Cross-Site Scripting. Forget SQL Injection. If you want to make some serious cash on the Web silently and surreptitiously, you don’t need them. You also don’t need noisy scanners, sophisticated proxies, 0-days, or ninja level reverse engineering skills -- all you need is a Web browser, a clue on what to look for, and a few black hat tricks. Generating affiliate advertising revenue from the Website traffic of others, trade stock using corporation information passively gleaned, inhibit the online purchase of sought after items creating artificial scarcity, and so much more. Activities not technically illegal, only violating terms of service.

You may have heard these referred to as business logic flaws, but that name really doesn’t do them justice. It sounds so academic and benign in that context when the truth is anything but. These are not the same ol’ Web hacker attack techniques everyone is familiar with, but the one staring you in the face and missed because gaming a system and making money this way couldn’t be that simple. Plus IDS can’t detect them and Web application firewalls can’t black them. If fact, these types of attacks are so hard to detect (if anyone is actually trying) we aren’t even sure how widespread their use actually is. Time to pull back the cover and expose what’s possible.

Jeremiah Grossman

Founder & CEO at Undisclosed

Forget Cross-Site Scripting. Forget SQL Injection. If you want to make some serious cash on the Web silently and surreptitiously, you don’t need them. You also don’t need noisy scanners, sophisticated proxies, 0-days, or ninja level reverse engineering skills -- all you need is a Web browser, a clue on what to look for, and a few black hat tricks. Generating affiliate advertising revenue from the Website traffic of others, trade stock using corporation information passively gleaned, inhibit the online purchase of sought after items creating artificial scarcity, and so much more. Activities not technically illegal, only violating terms of service.

You may have heard these referred to as business logic flaws, but that name really doesn’t do them justice. It sounds so academic and benign in that context when the truth is anything but. These are not the same ol’ Web hacker attack techniques everyone is familiar with, but the one staring you in the face and missed because gaming a system and making money this way couldn’t be that simple. Plus IDS can’t detect them and Web application firewalls can’t black them. If fact, these types of attacks are so hard to detect (if anyone is actually trying) we aren’t even sure how widespread their use actually is. Time to pull back the cover and expose what’s possible.

Business Technology

More Related Content

Ethical hacking with Python tools

Jose Manuel Ortega Candel

Black hat hackers

Course on Ehtical Hacking - Introduction

How To Become A Successful Hacker In Only 10 Years

Introduction To Ethical Hacking

ethical hacking in the modern times

пр Спроси эксперта про прогнозы ИБ

Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

Ethical hacking with Python tools

Jose Manuel Ortega Candel

Black hat hackers

Course on Ehtical Hacking - Introduction

How To Become A Successful Hacker In Only 10 Years

Introduction To Ethical Hacking

ethical hacking in the modern times

All these vulnerabilities, rarely matter

Jeremiah Grossman

How to Determine Your Attack Surface in the Healthcare Sector

Jeremiah Grossman

The Attack Surface of the Healthcare Industry

Jeremiah Grossman

Exploring the Psychological Mechanisms used in Ransomware Splash Screens

Jeremiah Grossman

What the Kidnapping & Ransom Economy Teaches Us About Ransomware

Jeremiah Grossman

What the Kidnapping & Ransom Economy Teaches Us About Ransomware

Jeremiah Grossman

Next Generation Endpoint Prtection Buyers Guide

Jeremiah Grossman

Can Ransomware Ever Be Defeated?

Jeremiah Grossman

Ransomware is Here: Fundamentals Everyone Needs to Know

Jeremiah Grossman

Web Application Security Statistics Report 2016

Jeremiah Grossman

15 Years of Web Security: The Rebellious Teenage Years

Jeremiah Grossman

15 Years of Web Security: The Rebellious Teenage Years

Jeremiah Grossman

Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)

Jeremiah Grossman

WhiteHat’s Website Security Statistics Report 2015

Jeremiah Grossman

No More Snake Oil: Why InfoSec Needs Security Guarantees

Jeremiah Grossman

WhiteHat Security 2014 Statistics Report Explained

Jeremiah Grossman

WhiteHat 2014 Website Security Statistics Report

Jeremiah Grossman

Million Browser Botnet

Jeremiah Grossman

WhiteHat Security Website Statistics [Full Report] (2013)

Jeremiah Grossman

Top Ten Web Hacking Techniques of 2012

Jeremiah Grossman

All these vulnerabilities, rarely matter

Jeremiah Grossman

How to Determine Your Attack Surface in the Healthcare Sector

Jeremiah Grossman

The Attack Surface of the Healthcare Industry

Jeremiah Grossman

Exploring the Psychological Mechanisms used in Ransomware Splash Screens

Jeremiah Grossman

What the Kidnapping & Ransom Economy Teaches Us About Ransomware

Jeremiah Grossman

What the Kidnapping & Ransom Economy Teaches Us About Ransomware

Jeremiah Grossman

Cracking The Organisational Appraisal Code

Workforce Group

Module 3_POM.pptx

Immigration Lawyer Austin

Conclusion.pptx

como encontrar a paz

Adrianonofrevanhaand

Zee sir Mktg.pptx

ZeeshanQureshi65

AshishKumar928315

RBI Credit Control.pptx

Slide 2023 Bloomerang Webinar .pdf

Commercial Property Renovations Cheshire.pdf

How To Make A Private Label Hair Loss Shampoo A Great Success.pptx

Urist Cosmetics Inc

IE-02-03 DIAGRAMA UNIFILAR-Model2.pdf

firearm payment processing.pdf

ElectronicTransfer

Final Bloomerang Milestones Presentation.pdf

Buy LIMOUSIN CATTLE

Ayushmansingh83

FAN ASSEMBLYW BLADE 230V ECD0303 for Nor-Lake - Part# 161117-PartsFe.pdf

WAM Corporate Presentation Jan 2023.pdf

Western Alaska Minerals Corp.

Market Failure.pptx

FaheemAhmad643658

Cracking The Organisational Appraisal Code

Workforce Group

Module 3_POM.pptx

Immigration Lawyer Austin

Conclusion.pptx

como encontrar a paz

Adrianonofrevanhaand

Get Rich or Die Trying - Black Hat 08072008

Get Rich or Die Trying Making money on the Web, the black hat way