HoneyCon 2014

•

1 like•577 views

Chia-Hao Tsai

HoneyCon 2014

Technology News & Politics

Outline
● Ask questions any time
● HoneyCon Agenda
● CTF Time

The INFORMATION contained in
this slide are generated by random
alphanumeric and the images are
randomly selected from web.

Attack Event
● Past
○ ATM 變彈珠台
○ Web ATM Vulnerability [2]
○ Website hacked [3]
○ Spam
○ Home router as botnet [4]
○ APT on government [5]

Attack Event (cont’d)
● Current
○ APT
○ Hack as a Service [6]
○ Mobile Hacking [7]
○ Heartbleed [8]
○ Orphan (DNS / NTP) Server
○ IOT Hacking

SPAM
● The email which you did not want it
○ Random generate
○ APT
● Spam contains
○ Phishing link
○ Malware
○ CryptoLocker [10]
○ ...

SPAM + Exploit
● So receive spam have no danger if I…
○ Not download the attachment?
○ Not click the link?
● Exploit on Reception Software
○ Malicious webpage
○ document preview
○ ...

DDoS
● Past
○ Ping to Death
○ SYN Flood
○ TearDrop Attack
○ Slow I/O Attack
○ …
● Design issue on program / protocol

DDoS
● Current
○ Reflected attack
○ GSM
○ LOIC (低軌道離子砲)
○ SPAM
● Attack target
○ Bandwidth / Infrastructure / Service

DDoS + DNS / NTP
● 七傷拳
○ I DDoS U === U DDoS I
● 放大攻擊 (Reflection)
○ GET request => Full webpage
○ DNS request => DNS response
○ ...

Avoid DDoS
● Illusory
○ High-End firewall
○ ISP
○ Lots of backends
● Hacker always attack the weakness
○ Load balancer / Proxy Server / DNS Server / ...

Hard to Avoid DDoS
● Pattern matching
○ Not immediately respond
○ How about simulate general user
○ Variant is easy
● Total solution
○ 鎖國政策?
○ ISP?

HoneyPot
● A trap set to detect an unauthorized user.
○ 蜜罐 / 誘捕系統
○ A logging system based on full / simulation system
● Concept
○ Assume should be hacked
○ Logging
○ Analysis

HoneyPot (cont’d)
● Low-interaction
○ Dionae / HoneyD / Kippo / Glastopf / Conpot
● High-interaction
○ Honeypot / Sebek
● Real Honeypot
○ HonEeeBox
○ Raspberry PI (潮)

HoneyPot + Analysis
● SPAM
○ Register a never used mail domain
○ Receive mail => SPAM which send to random addr
● SandBox
○ Simulate human behavior
○ Analysis the system status

HoneyPot + Analysis
● HoneyPot always be hacked
○ Too many events
○ Hard to analysis by trace the log one-by-one
● Visualization
○ 潮

● Capture the Flag
○ Problem solve
○ Put flat on the website
○ Protect your server
● Under the rule
○ you can do anything…
What’s CTF

HoneyCon - CTF Rules
1. Honeycon2014 會議期間參賽隊伍可隨時連線至
WarGame主機參賽。
2. 參賽者必需維持所守護主機的網頁服務正常運作，並對外
公開服務。
3. 刻意的D[D]oS行為將被取消比賽資格。
4. 任何防礙遊戲進行之行為，將被取消比賽資格。
5. 攻防行為僅限於WarGame環境中進行。
6. 遊戲中會有GM一同參與。
7. 遊戲中可能會有中毒的風險。
8. 獲獎隊伍需進行技術分享。

Why CTF
● Practice as a hacker in legal way
● Simulate how hacker to attack
● Defence hacker

How CTF
● In the open network
○ On-line
○ Give a hink (IP address with service / binary)
○ Find the flag
● In the closed network
○ Non-limit
○ All device in subnet can be hacked

PenTest Flow
● Social Engineering
● Scan by nmap [9] (DDoS…)
● Choice one target / service
○ Web / SSH / SMB / FTP / UPnP / IRC / ...
● Hacking

Reference
1. http://www.honeynet.org/
2. http://www.i-security.tw/learn/tips_content.asp?Tid=134
3. http://www.zone-h.org/archive
4. http://hexus.net/tech/news/network/61245-easy-exploit-backdoor-
found-several-d-link-router-models/
5. http://techorange.com/2013/07/30/9th-hitcon-are-we-the-loser-in-
the-cyber-war/
6. https://blog.damballa.com/archives/330
7. http://www.ewdna.com/2014/05/phishing.html
8. http://www.ithome.com.tw/special_report/heartbleed
9. http://nmap.org/
10. http://www.ithome.com.tw/node/83226

Similar to HoneyCon 2014

Pen Testing Development

CTruncer

Unmasking miscreants

Brandon Levene

Slides from workshop delivered at Brucon 2017 Conference in Gent, Belgium. Data exfiltration is the process of transmitting data from pwned or infected networks back to the attacker while trying to minimize detection. During this workshop (2 hours) we will go through different network exfiltration methods and techniques (DNS, ICMP, TCP, UDP, HTTP, RDP, Cloud-app based and others). I will explain how they work, how to run them and what differences between are. It is a highly interactive workshop (I have dozen short labs already prepared) where you will be guided through the use of a set of open source tools powered by a short-fast theory.

May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.

Leszek Mi?

Hyper Island - 2012

Detectify

Hit by a Cyberattack: lesson learned

B.A.

Crawler

hackstuff

One of the most powerful tools that Fastly offers is worldwide, instant purge. Come learn the ins and outs of how HTTP invalidation works in general and how purge and surrogate keys can be used to improve your site's delivery and get even more value from Fastly. This talk will also cover the purge blast radius Surrogate Keys are an amazing way to purge your content from cache, but they can be a bit scary when you aren't sure how many URLs this surrogate key is tied to or what kind of affect this will have on origin. Join the USA Today Network as we explain how we leverage big data tools, Go APIs, New Relic, and Sumo Logic to provide our users a suite of tools for purging content from Fastly. Developers love knowing the blast radius of their surrogate keys, while our engineers love the real-time metrics and notifications we get when developers are hard-purging content.

Altitude San Francisco 2018: HTTP Invalidation Workshop

Fastly

Playlist preprogramming, from (almost) nothing to something cool, ASKIP

Pierre BERTRAND

Web application security and why you should review yours, is a whole stack look skydive without a parachute, let's try not to die as we explore what is an attack surface, Arcronym hell, Vulnerability naming, Detection or provention is there a place for both or none, emerging oss technologies which can help you, a firehose review of compromises 2014 through 2018, and finally a live compromise demo covering everything we've discussed as being 'bad' ... or as often happens the backup video.

Ple18 web-security-david-busby

David Busby, CISSP

Mux loves Clickhouse. By Adam Brown, Mux founder

Altinity Ltd

TSC Summit #4 - Howto get browser persitence and remote execution (JS)

Mikal Villa

MobSecCon 2015 - Burning Marshmallows

Ron Munitz

Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...

RootedCON

The day I ruled the world (RootedCON 2020)

Javier Junquera

Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018

Mender.io

The Game of Bug Bounty Hunting - Money, Drama, Action and Fame

Abhinav Mishra

Digital forensics and giving evidence by Jonathan Haddock

Alex Cachia

On hacking & security

Ange Albertini

Presented on May 21, 2017 at CarolinaCon (https://www.carolinacon.org). This talk will provide a light intro to honeypots and their benefits, and highlight two projects HoneyPy and HoneyDB. Operating honeypot sensors on your internal network is a simple way to make your network “noisy” and can trip up malicious actors that have already penetrated your network. Also, leveraging data from honeypot sensors on the Internet can be a useful source of threat information.

HoneyPy & HoneyDB (CarolinaCon 13)

Phillip Maddux

Android "Fight Club" : In pursuit of APPiness -- null Humla Delhi Chapter

Abhinav Mishra

Similar to HoneyCon 2014 (20)

Pen Testing Development

Unmasking miscreants

May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.

Hyper Island - 2012

Hit by a Cyberattack: lesson learned

Crawler

Altitude San Francisco 2018: HTTP Invalidation Workshop

Playlist preprogramming, from (almost) nothing to something cool, ASKIP

Ple18 web-security-david-busby

Mux loves Clickhouse. By Adam Brown, Mux founder

TSC Summit #4 - Howto get browser persitence and remote execution (JS)

MobSecCon 2015 - Burning Marshmallows

Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...

The day I ruled the world (RootedCON 2020)

Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018

The Game of Bug Bounty Hunting - Money, Drama, Action and Fame

Digital forensics and giving evidence by Jonathan Haddock

On hacking & security

HoneyPy & HoneyDB (CarolinaCon 13)

Android "Fight Club" : In pursuit of APPiness -- null Humla Delhi Chapter

Recently uploaded

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Presentation on how to chat with PDF using ChatGPT code interpreter

naman860154

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Tech Trends Report 2024 Future Today Institute.pdf

hans926745

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Delhi Call girls

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

The Raspberry Pi 5 was announced on October 2023. This new version of the popular embedded device comes with a new iteration of Broadcom’s VideoCore GPU platform, and was released with a fully open source driver stack, developed by Igalia. The presentation will discuss some of the major changes required to support this new Video Core iteration, the challenges we faced in the process and the solutions we provided in order to deliver conformant OpenGL ES and Vulkan drivers. The talk will also cover the next steps for the open source Raspberry Pi 5 graphics stack. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://eoss24.sched.com/event/1aBEx

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Igalia

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Recently uploaded (20)

GenAI Risks & Security Meetup 01052024.pdf

Presentation on how to chat with PDF using ChatGPT code interpreter

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Finology Group – Insurtech Innovation Award 2024

Artificial Intelligence: Facts and Myths

GenCyber Cyber Security Day Presentation

How to Troubleshoot Apps for the Modern Connected Worker

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Tech Trends Report 2024 Future Today Institute.pdf

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Automating Google Workspace (GWS) & more with Apps Script

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Data Cloud, More than a CDP by Matt Robison

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Exploring the Future Potential of AI-Enabled Smartphone Processors

Boost Fertility New Invention Ups Success Rates.pdf

HoneyCon 2014

1. HoneyCon 2014 jeytsai@NIT

2. Outline ● Ask questions any time ● HoneyCon Agenda ● CTF Time

3. The INFORMATION contained in this slide are generated by random alphanumeric and the images are randomly selected from web.

4. HoneyCon Agenda

5. Attack Event ● Past ○ ATM 變彈珠台 ○ Web ATM Vulnerability [2] ○ Website hacked [3] ○ Spam ○ Home router as botnet [4] ○ APT on government [5]

6. Attack Event (cont’d) ● Current ○ APT ○ Hack as a Service [6] ○ Mobile Hacking [7] ○ Heartbleed [8] ○ Orphan (DNS / NTP) Server ○ IOT Hacking

7. SPAM ● The email which you did not want it ○ Random generate ○ APT ● Spam contains ○ Phishing link ○ Malware ○ CryptoLocker [10] ○ ...

8. SPAM + Exploit ● So receive spam have no danger if I… ○ Not download the attachment? ○ Not click the link? ● Exploit on Reception Software ○ Malicious webpage ○ document preview ○ ...

9. DDoS ● Past ○ Ping to Death ○ SYN Flood ○ TearDrop Attack ○ Slow I/O Attack ○ … ● Design issue on program / protocol

10. DDoS ● Current ○ Reflected attack ○ GSM ○ LOIC (低軌道離子砲) ○ SPAM ● Attack target ○ Bandwidth / Infrastructure / Service

11. DDoS + DNS / NTP ● 七傷拳 ○ I DDoS U === U DDoS I ● 放大攻擊 (Reflection) ○ GET request => Full webpage ○ DNS request => DNS response ○ ...

12. Avoid DDoS ● Illusory ○ High-End firewall ○ ISP ○ Lots of backends ● Hacker always attack the weakness ○ Load balancer / Proxy Server / DNS Server / ...

13. Hard to Avoid DDoS ● Pattern matching ○ Not immediately respond ○ How about simulate general user ○ Variant is easy ● Total solution ○ 鎖國政策? ○ ISP?

14. HoneyPot ● A trap set to detect an unauthorized user. ○ 蜜罐 / 誘捕系統 ○ A logging system based on full / simulation system ● Concept ○ Assume should be hacked ○ Logging ○ Analysis

15. HoneyPot (cont’d) ● Low-interaction ○ Dionae / HoneyD / Kippo / Glastopf / Conpot ● High-interaction ○ Honeypot / Sebek ● Real Honeypot ○ HonEeeBox ○ Raspberry PI (潮)

16. HoneyPot + Analysis ● SPAM ○ Register a never used mail domain ○ Receive mail => SPAM which send to random addr ● SandBox ○ Simulate human behavior ○ Analysis the system status

17. HoneyPot + Analysis ● HoneyPot always be hacked ○ Too many events ○ Hard to analysis by trace the log one-by-one ● Visualization ○ 潮

18. CTF Time

19. ● Capture the Flag ○ Problem solve ○ Put flat on the website ○ Protect your server ● Under the rule ○ you can do anything… What’s CTF

20. HoneyCon - CTF Rules 1. Honeycon2014 會議期間參賽隊伍可隨時連線至 WarGame主機參賽。 2. 參賽者必需維持所守護主機的網頁服務正常運作，並對外公開服務。 3. 刻意的D[D]oS行為將被取消比賽資格。 4. 任何防礙遊戲進行之行為，將被取消比賽資格。 5. 攻防行為僅限於WarGame環境中進行。 6. 遊戲中會有GM一同參與。 7. 遊戲中可能會有中毒的風險。 8. 獲獎隊伍需進行技術分享。

21. Why CTF ● Practice as a hacker in legal way ● Simulate how hacker to attack ● Defence hacker

22. How CTF ● In the open network ○ On-line ○ Give a hink (IP address with service / binary) ○ Find the flag ● In the closed network ○ Non-limit ○ All device in subnet can be hacked

23. PenTest Flow ● Social Engineering ● Scan by nmap [9] (DDoS…) ● Choice one target / service ○ Web / SSH / SMB / FTP / UPnP / IRC / ... ● Hacking

24.

25. Reference 1. http://www.honeynet.org/ 2. http://www.i-security.tw/learn/tips_content.asp?Tid=134 3. http://www.zone-h.org/archive 4. http://hexus.net/tech/news/network/61245-easy-exploit-backdoor- found-several-d-link-router-models/ 5. http://techorange.com/2013/07/30/9th-hitcon-are-we-the-loser-in- the-cyber-war/ 6. https://blog.damballa.com/archives/330 7. http://www.ewdna.com/2014/05/phishing.html 8. http://www.ithome.com.tw/special_report/heartbleed 9. http://nmap.org/ 10. http://www.ithome.com.tw/node/83226

26. Thanks for your attention Q&A

HoneyCon 2014

Recommended

Recommended

More Related Content

Similar to HoneyCon 2014

Similar to HoneyCon 2014 (20)

More from Chia-Hao Tsai

More from Chia-Hao Tsai (11)

Recently uploaded

Recently uploaded (20)

HoneyCon 2014