Hacking WordPress & Countermeasures
NESTOR ANGULO DE UGARTE
WORDCAMP OSAKA 2019
#WCOSAKA
Hello!
Who I am
- Computer Science Engineer & Technology consultant
- Photographer & Early Adopter
- Truly curious guy
- 2015: SUCURI
  Incident Response & Easy SSL
- 2019: GoDaddy Spain
  Interim Head of IT @ GoDaddy Spain
Where are the Canary Islands?
About
- Sucuri: Anaconda (No Securi / Security)
- Website security
- Fully remote (people from > 25 countries around the world)
- 2008: Foundation
- 2017: Proud part of the GoDaddy family
- Free scanners:
  - Sitecheck (sitecheck.sucuri.net)
  - Performance (performance.sucuri.net)
#WCOsaka2019 Nestor Angulo (@pharar)
Concepts
GIVING CONTEXT
DISCLAIMER
Any sensitive information has been protected/encrypted to preserve privacy. Any similarity with reality is a coincidence.
I’m responsible for what I say, not what you interpret.
Always ask an expert.
There are two kinds of companies: those that have been hacked, and those that do not yet know they have been hacked.
HACKER VS Cyberterrorist
Hacker:
Curious person who loves to go beyond limits or conventions.
Cyberterrorist / Cracker:
Computer hacker whose intentions are always aligned to enrich himself in a zero-sum game situation.
The bad guy
Hacker Hat Colours
- Black Hat: Cyberterrorist, thief
- Grey Hat: White Hat using illegal procedures
- White Hat: Security Analyst, ethical hacker
Malware
- Software intentionally designed to cause damage to a computer, client, or computer network.
- Some types:
  - Backdoors, zero-day
  - Exploits
  - Trojan horses, Freemium plugins
  - Ransomware, Spyware
  - Adware, Scareware
CyberSecurity & Web Security
- Cybersecurity: Security in the digital world
- Web Security: Field of Cybersecurity
  - Covers what happens through port 80 / 443
FACTS
- Site hacking is almost never client-oriented (98% of cases)
- It almost always happens due to deficient monitoring / maintenance
- An SSL certificate is not an antihacking shield
- Patches & security updates almost always appear after hacking exploits
- Errare Humanum Est (Human beings fail)
- Security never is (nor will be) 100% effective
FACTS
Source: Website Hack Trend Report 2018 – sucuri.net
The Art of War
IN THE MIND OF YOUR ENEMY
Common Targets
- Users info
- Database
- Website content
- Infrastructure
- Bot Net
- Reputation
Know your weaknesses
- You are your weakest point
  - You can be scammed
- Passwords
  - Vulnerable to brute force attacks
- Leftovers
  - Admin users
  - Outdated/vulnerable software
  - Enabled/Disabled not-in-use plugins/themes
- Non-secure connection (avoid public wifi)
  - Vulnerable to Man-In-the-Middle attacks
Hacking WordPress. The Process
Vulnerability -> Exploit -> Injection
Final code, Backdoor
Spam / defacement, BotNode, Final code
Definitions
- Vulnerability
  - Bug in the code or possibility of misuse that can be exploited to perform unauthorized actions within a computer system.
- Exploit
  - Software that leverages a vulnerability
- Backdoor
  - Malware which allows remote execution of code
WPScan Vulnerability Database: wpvulndb.com
Gallery of Horrors
Defacements
Example 1: Photographer Gallery
Example 2: Pet food store
Bonus
DEFACEMENTS
Partial / full replacement of website frontend.
Very obvious
Easy detection:
- Users (hear them!)
- Scanners
Target:
Awareness or social/political demands
Black Hat SEO / Spam
BLACK HAT SEO / SPAM
Spam/unwanted content in your site
Detection:
- Scanners (Easy)
- Users (hear them!)
- Search Engine warnings
Target:
Your SEO and reputation
DDoS Attacks / BotNets
Definitions
- DoS attack
  - Denial of Service
  - Application overwhelmed by a huge number of requests
- DDoS attack
  - Distributed DoS
- BotNet
  - Net of websites linked to act in coordination
  - Has bot nodes and a bot master
Normal, tending to calm
BOTNETS, CRYPTOMINERS, DDOS
Affecting your infrastructure
Detection:
- Usually difficult
- Strange use of resources
- File Integrity Scanner
WAF recommended
Target:
- Your server’s resources
- Users’ resources
- Zombie node
Countermeasures
REACTIVE AND PROACTIVE MEASURES
Characters in the Story (if something happens)
You
- Owner / Admins
- Developer & Designer
- Users/clients
Hosting Provider
- Agent / C3
- Support & Backups
Security Expert
- Security department
- External services
Security in Layers
- You (the weakest layer)
- Your device (Antivirus)
- Your connection (SSL)
- Your website (WAF)
- Your credentials (Strong Passwords / 2FA)
- Your site security (monitor / updates)
- Your server security (monitor / updates)
- Your database (monitor)
- Maintenance tasks
Measures: Reactive vs Proactive
Reactive:
When bad things have already happened
Pain mitigation
Proactive:
Before anything bad happens
Risk mitigation
Reactive measures
- Scan your site:
  - Status: Sitecheck.sucuri.net
  - Blacklist: Virustotal.com
- CRC: Check, Remove and Change
- Update
- Restore a backup
Proactive measures
- Reduce admins, plugins and themes
- Backups
- Updates
- Invest in Hosting & Security
- WAF
The more Doors, the higher Risk
“To Caesar, what is Caesar’s”.
Admin stuff with admin account. The rest, with a limited account
The more admins, plugins and themes, the more risk (even when disabled).
All users’ passwords MUST be unique and strong (better with 2FA when possible)
Applied to all layers (wp-admin, [S]FTP, cPanel, dashboard, db, …)
BACKUPS
- Have a backup strategy
- NEVER store the backups on your production server
- A clean and FUNCTIONAL backup will be your best friend on a bad day
Updates
- PLUGINS
- THEMES
- CORE
- PHP
- APACHE / NGINX
- SERVER
- CPANEL / PLESK
- …
Updates
Source: Web Professional Security Survey 2019 – Sucuri.net
Remember to Invest in
- SECURITY
- HOSTING
Hosting
- FIRST LAYER OF YOUR SITE’S DEFENSE
- BALANCE BETWEEN PRICE AND FEATURES
- THEY ARE IN CHARGE OF THE SERVER’S SERVICES, DATABASE AND MAINTENANCE
Shared hosting vs dedicated
Source: 2019 Sucuri survey of ecommerce owners.
WAF
Your guard dog
- FILTERS ALL YOUR WEB TRAFFIC
- PROTECTS AGAINST XSS, DDOS, …
- VIRTUALLY PATCHES WIDELY KNOWN SOFTWARE VULNERABILITIES
- IF IT INCLUDES CDN, IMPROVES YOUR SITE’S SPEED & PERFORMANCE
- FORENSIC ANALYSIS TOOL
- ALLOWS MANUAL BLOCKING
Thank you very much!
Any questions?
@pharar #WCOSAKA2019
