Got invited to conduct a workshop on ‘Cyber Security’ at a top-notch engineering college, Sardar Patel Institute of Technology, Andheri, on 3rd October 2015.
Student feedback:-
https://drive.google.com/file/d/0B_uWWP1uW7TFWVdTanJFdTlqNkE/view?usp=sharing
Appreciation letter:-
https://drive.google.com/file/d/0B_uWWP1uW7TFMkVVUTR4V1JTN2c/view?usp=sharing
3. This talk is about
How to kick-start your career in Information Security
How to protect organizations from cyber criminals
Understanding the difference between:-
Evergreen - OWASP Top 10 Attack Methodology
4. Before We Start :- Disclaimer
My posts have nothing to do with the company or organization I’m working for. They are
strictly for educational purposes only.
All the knowledge provided on these slides is for educational purposes only.
The site is in no way responsible for any misuse of the knowledge.
These slides are meant solely for providing information on “Computer Security”,
“Computer Programming” and other related topics and are in no way
connected to the terms “CRACKING” or “HACKING” (Unethical).
The words “Hack” or “Hacking” used on these slides shall be read as
“Ethical Hack” or “Ethical Hacking” respectively.
We believe only in White Hat Hacking. On the other hand, we
condemn Black Hat Hacking.
5. Who Am I ?
A researcher in Web Application Security
A Bug Hunter Enthusiast
3+ years of Experience in Information Security
Listed in top sites hall of fame
Speaker @Null Mumbai Chapter
Blogging at http://shield4you.blogspot.in/
A Twitter lover @nilesh_loganx
8. Agenda
The Importance of Cyber Security
Different domains in Cyber Security
Black Hat vs. White Hat vs. Grey Hat
OWASP Top 10 Attack Methodology
Deep Dive into XSS, CSRF and IDOR
Practical Session on various attacks
21. Primary Domains in Information Security
1. Web Application Security / Mobile Application security
2. Network Security
3. Digital forensics
4. Secure Code review
5. Compliance :- ISO/COBIT implementation
6. Fuzzing / Exploitation
22. Must for Info Sec guy:-
https://twitter.com/nilesh_loganx
Follow me + my followers ;)
http://null.co.in/
Subscribe to the null mailing list + attend free trainings
37. Why should you care about XSS?
XSS was involved in two recent big hacks, i.e. Apple Developer + Ubuntu Forums
Story on :- How I Secured a Dating Site - Stored XSS
39. A Story Of How I Landed On a Dating Site and Secured it - Stored XSS
http://shield4you.blogspot.in/2015/08/a-story-of-how-i-landed-on-dating-site.html
40. What is XSS ?
According to OWASP:-
“Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites.”
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
46. 3. DOM based XSS
Basically all HTML documents have an associated DOM, consisting of objects representing the document properties from the point of view of the browser.
Whenever a script is executed client-side, the browser provides the code with the DOM of the HTML page where the script runs, thus offering access to various properties of the page and their values, populated by the browser from its perspective.
In DOM based XSS the injected script never reaches the server: the untrusted value (for example the URL fragment) is read and written into the page entirely by client-side code.
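The fragment-to-innerHTML flow described on this slide, as an added example that is not part of the original deck: the vulnerable sink beside two fixes, plus a small check a test suite can run over the rendered markup. `makeElement`, the greeting functions and the sample fragment are constructed for the example; in a real page `el` is the target element and `loc` is `window.location`.

```javascript
// A tiny stand-in for a DOM element so the source-to-sink flow runs under Node.
// In a real page `el` would be document.getElementById('greeting') and `loc`
// would be window.location (assumed names, constructed for this example).
function makeElement() {
  return { innerHTML: '', textContent: '' };
}

// Source: the URL fragment. It is never sent to the server, so no server-side
// filter or log ever sees it; only client-side code can make this safe.
function nameFromFragment(loc) {
  return decodeURIComponent(loc.hash.replace(/^#/, ''));
}

// Vulnerable sink: untrusted text is concatenated into innerHTML, so the browser
// parses it as markup. Any tag in the fragment becomes part of the page, and an
// element carrying an event-handler attribute would run script.
function greetUnsafe(el, loc) {
  el.innerHTML = '<p>Welcome, ' + nameFromFragment(loc) + '</p>';
  return el.innerHTML;
}

// Fix 1: write to a text sink. The value is displayed literally, never parsed.
function greetSafeText(el, loc) {
  el.textContent = 'Welcome, ' + nameFromFragment(loc);
  return el.textContent;
}

// Fix 2: when markup around the value is needed, HTML-encode the untrusted
// part before it reaches innerHTML.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}
function greetSafeEncoded(el, loc) {
  el.innerHTML = '<p>Welcome, ' + escapeHtml(nameFromFragment(loc)) + '</p>';
  return el.innerHTML;
}

// Defender check for a test suite: list element names present in the rendered
// markup that the template itself did not supply.
function injectedTags(html, allowed = ['p']) {
  const found = new Set();
  for (const m of html.matchAll(/<\/?([a-zA-Z][\w-]*)/g)) {
    const name = m[1].toLowerCase();
    if (!allowed.includes(name)) found.add(name);
  }
  return [...found];
}

// Constructed input: a fragment that smuggles a <b> element into the name.
const SAMPLE_LOCATION = { hash: '#Alice%3Cb%3Eadmin%3C%2Fb%3E' };
```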
55. What is CSRF ?
Wiki Says :-
http://en.wikipedia.org/wiki/Cross-site_request_forgery
56. Description
“Cross-site Request Forgery is a vulnerability in a website that allows attackers to force victims to perform security-sensitive actions on that site without their knowledge.”
63. Latest | News
Blackberry CSRF leading to takeover of user profile information
http://shield4you.blogspot.in/2015/08/how-i-hacked-blackberrycom-to-update.html
https://twitter.com/nilesh_loganx/status/630357485262663681
65. Anatomy of CSRF Attack
Step 1: Attacker hosts a web page with pre-populated HTML form data.
Step 2: Victim browses to the attacker’s HTML form.
Step 3: The page automatically submits the pre-populated form data to a site where the victim has access (no verification is done by the server, because the browser performs the request and attaches the victim’s cookies).
Step 4: The site authenticates the request (carrying the attacker’s form data) as coming from the victim.
Result: The attacker’s form data is accepted by the server since it was sent from a legitimate user.
66. For more details about CSRF
It’s all about CSRF - null Mumbai Meet, 10 January 2015, Null/OWASP Chapter
http://www.slideshare.net/Nilesh_logan/null-its-all-about-csrf
Cross Site Request Forgery - Anti-CSRF token bypass
http://shield4you.blogspot.in/2015/03/cross-site-request-forger-anti-csrf.html
71. Highest paid bounty for IDOR - $20,000
https://fin1te.net/articles/hijacking-a-facebook-account-with-sms/
72. Example 1:- As simple as that
https://hackerone.com/reports/49356
73. Example 2 :- Delete Credit Cards from any Twitter Account
https://hackerone.com/reports/27404
74. Business Impact :-
Sensitive information retrieval via parameters
Deleting another user’s information
Change delivery address of an order.
View someone else’s profile on behalf of an authorised user
Reclaiming other user’s data
75. Problem ?
1. No Secure Access model.
2. Numeric IDs.
3. Error message show and tell
4. Inconsistent ID sources
E.g. /abcd/test/123
/abcd/?test=123
76. Practical time
bWAPP – Windows / VM machine
Burp suite-pro
Download link:-
http://sourceforge.net/projects/bwapp/
81. Online testing site – Test without going to jail
TARGET 1
http://testasp.vulnweb.com (Forum - ASP)
Bug to find
1. Open redirection
2. Reflected XSS
3. Stored XSS
82. PS:
This presentation is purely to give an idea of one information security domain (web application) from the inside.
It’s up to you to decide the right career path according to your choice / likes / dislikes.