Ivan Novikov, profile picture
Uploaded byIvan Novikov
180 views

How to hack. Cyprus meetup

This document summarizes a talk on hacking given by Ivan Novikov. The summary includes: 1) Ivan has over 10 years of experience in security audits and has discovered over $1 million in bug bounties. 2) The talk covered different aspects of hacking including perimeter discovery, vulnerability discovery, exploitation, and post-exploitation. Case studies of hacking a gaming platform, e-commerce site, internet bank, payment system, and overall strategy were discussed. 3) Effective security requires knowing your perimeter, managing third party components, testing coverage, monitoring, and incident response.

Embed presentation

Download to read offline
How to hack Security meetup, Limassol, 05/15/18 Ivan Novikov (@d0znpp)
200+ $1M 10+ 1 //(medium|twitter).com/@d0znpp security audits since 2009 total bug bounties and rewards researches and discovers e-book SSRF bible
“Gartner Says Worldwide Information Security Spending Will Grow 7.9 Percent to Reach $81.6 Billion in 2016” 2015 $75 B 2016 $81.6 B This bullet definitely costs more than $156.6 B It’s not a silver… Or the weight is about 269’400 tons
One simple question
How it works?
Why? Two important things since the 30s No documentation (because of the Apple and UX) ● Try to find documentation for Chrome :) ● How to understand that it’s the bug but not a backdoor Closed source software (because of the Intel et al.) ● What’s does “Intel inside” really mean?
Layer cake How many layers do you know? I spent last 10 year for the security and don't sure that know about all of them
Computer science
Information security
What exactly we are doing Perimeter discovery Vulnerability discovery Exploitation Post-exploitation Risk analysis
Perimeter discovery NOC Vulnerability discovery QA engineer Exploitation Developer Post-exploitation DevOps Risk analysis Manager What exactly we are doing
Main aspects Perimeter. Just know your perimeter 3rd party components and software. Just know your requirements Test coverage and test plan Monitoring Incident response
Case #1. Gaming platform (10+ games under the roof) A hacker found SQL injection because on gaming forum The forum was connected to main players database Hackers started to ‘;INSERT INTO stuff SET (<userid>, <rare-stuff-id>, … Then they sold a lot of stuff for 30% price Crash the entire game economy No users report (all of them were happy)
Case #2. E-commerce platform, #1 local market player The point was to ship order with no payment somewhere From the website to corporate network Research how it’s going on inside with shipments Hack the printer and just print an order on it Staff there will use paper to deliver order ;)
Case #3. Internet bank Client-side vector like really Digital signatures everywhere Stored XSS (Cross Site Scripting) in a news feed JavaScript inject to send transactions when token installed on the client side Use the same JS to hide these transactions from the web page ;)
Case #4. Payment system, a secured one We tried to hack smth but were failed Perimeter discovery process identified IoT devices inside corporate AS (thanks BGP) Found security cameras which protects private space (home of one of the co-founder) Hacked DVR device (Digital Video Recorded) inside home network Found VPN from there to corporate network Hacked power device in a datacenter to avoid isolation
Case #5. Hack them all!
Thanks! Follow me: @d0znpp Twitter, Medium, Facebook, Telegram, Snapchat https://www.forbes.com/sites/forbestechcouncil/people/ivannovikov/
How to hack. Cyprus meetup

More Related Content

PPTX
Vishwadeep Presentation On NSA PRISM Spying
byVishwadeep Badgujar
 
PDF
OSINT with Practical: Real Life Examples
bySyedAmoz
 
DOC
NCSO
byAvraham Lerner
 
PDF
Advanced Research Investigations for SIU Investigators
bySloan Carne
 
PDF
Digital Breadcrums: Investigating Internet Crime with Open Source Intelligenc...
byNicholas Tancredi
 
PDF
Weaponizing OSINT – Hacker Halted 2019 – Michael James
byEC-Council
 
PDF
How We Got Here: A History of Computer Security And Its Design
byUXPALA
 
PPT
Forensic Science Informatics P3 M3 D3
bySteve Bishop
 
Vishwadeep Presentation On NSA PRISM Spying
byVishwadeep Badgujar
 
OSINT with Practical: Real Life Examples
bySyedAmoz
 
NCSO
byAvraham Lerner
 
Advanced Research Investigations for SIU Investigators
bySloan Carne
 
Digital Breadcrums: Investigating Internet Crime with Open Source Intelligenc...
byNicholas Tancredi
 
Weaponizing OSINT – Hacker Halted 2019 – Michael James
byEC-Council
 
How We Got Here: A History of Computer Security And Its Design
byUXPALA
 
Forensic Science Informatics P3 M3 D3
bySteve Bishop
 

Similar to How to hack. Cyprus meetup

PDF
CODE BLUE 2014 : Physical [In]Security: It’s not ALL about Cyber by Inbar Raz
byCODE BLUE
 
PPTX
Hackers contemplations
byChris Roberts
 
PDF
RIoT (Raiding Internet of Things) by Jacob Holcomb
byPriyanka Aash
 
PDF
How we breach small and medium enterprises (SMEs)
byNCC Group
 
PPTX
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
byAvansa Mid- en Zuidwest
 
PPTX
State of the information security nation
bySensePost
 
PDF
6 ways to hack your JavaScript application by Viktor Turskyi
byOdessaJS Conf
 
PDF
Keynote fx try harder 2 be yourself
byDefconRussia
 
PPT
Hackers
byAlvaro Cipriano
 
PPT
Hackers
byyozusaki
 
PPT
Hackers
byguesta04f59b
 
PPTX
Year of pawnage - Ian trump
byMAXfocus
 
PPTX
Ple18 web-security-david-busby
byDavid Busby, CISSP
 
PPT
Hacking and its Defence
byGreater Noida Institute Of Technology
 
PDF
Introduction to Cybersecurity | IIT(BHU)CyberSec
byYashSomalkar
 
PDF
OWASP Top 10 - 2017
byHackerOne
 
PPT
How to become Hackers .
byGreater Noida Institute Of Technology
 
PDF
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
byShah Sheikh
 
PPT
Hackers Cracker Network Intruder
byErdo Deshiant Garnaby
 
PPT
Top Five Internal Security Vulnerabilities
byPeter Wood
 
CODE BLUE 2014 : Physical [In]Security: It’s not ALL about Cyber by Inbar Raz
byCODE BLUE
 
Hackers contemplations
byChris Roberts
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
byPriyanka Aash
 
How we breach small and medium enterprises (SMEs)
byNCC Group
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
byAvansa Mid- en Zuidwest
 
State of the information security nation
bySensePost
 
6 ways to hack your JavaScript application by Viktor Turskyi
byOdessaJS Conf
 
Keynote fx try harder 2 be yourself
byDefconRussia
 
Hackers
byAlvaro Cipriano
 
Hackers
byyozusaki
 
Hackers
byguesta04f59b
 
Year of pawnage - Ian trump
byMAXfocus
 
Ple18 web-security-david-busby
byDavid Busby, CISSP
 
Hacking and its Defence
byGreater Noida Institute Of Technology
 
Introduction to Cybersecurity | IIT(BHU)CyberSec
byYashSomalkar
 
OWASP Top 10 - 2017
byHackerOne
 
How to become Hackers .
byGreater Noida Institute Of Technology
 
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
byShah Sheikh
 
Hackers Cracker Network Intruder
byErdo Deshiant Garnaby
 
Top Five Internal Security Vulnerabilities
byPeter Wood
 

More from Ivan Novikov

PDF
Where is my silver bullet?!
byIvan Novikov
 
PDF
OpenSSL rands (fork-safe)
byIvan Novikov
 
PDF
Data normalization weaknesses
byIvan Novikov
 
PDF
Lie to Me: Bypassing Modern Web Application Firewalls
byIvan Novikov
 
PDF
Distributed computing in browsers as client side attack
byIvan Novikov
 
PDF
Yandex rewards. ONsec experience
byIvan Novikov
 
PDF
SSRF workshop
byIvan Novikov
 
Where is my silver bullet?!
byIvan Novikov
 
OpenSSL rands (fork-safe)
byIvan Novikov
 
Data normalization weaknesses
byIvan Novikov
 
Lie to Me: Bypassing Modern Web Application Firewalls
byIvan Novikov
 
Distributed computing in browsers as client side attack
byIvan Novikov
 
Yandex rewards. ONsec experience
byIvan Novikov
 
SSRF workshop
byIvan Novikov
 

Recently uploaded

PDF
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
PDF
Josh Chu Boston - An Innovative Technology Executive
byJosh Chu Boston
 
PDF
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
PDF
SEO in Charleston SC | Local SEO Strategies to Grow Your Business.pdf
bycustomdigitalsolutio1
 
PPTX
Software Tools for penetration Testing (1).pptx
byAmosCheruiyot13
 
PDF
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
PDF
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
PDF
Saga: The new era of transactions in a microservices architecture
byGiovanni Marigi
 
PPTX
TechSprint Kickoff - Everything You Need to Know
bygdgcodecellcmpn
 
PDF
Best-Travel-Portal-Development-Solutions-for-Online-Growth
bykashishnagarrajput
 
PDF
Effective Ai powered mock interview .pdf
byamazingnishusingh766
 
PPTX
JAVA Programming Lecture 1 C 4 Yourself.pptx
byyvsbglfaeahuyldzhq
 
PDF
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
PPTX
Flutter & Firebase Session Slides - GDG VESIT
bygdgcodecellcmpn
 
PPTX
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
PPTX
Lecture 05. API Security for DevSecOps Eng.pptx
byvinocol222
 
PPTX
Unit 1 Introduction of Computer Networks
bySuvarnaSharma5
 
PDF
Best Bank Statement Converter Software - A Documentation-Based Meta-Analysis ...
bylewisconrada
 
PDF
Presentation on Four Stroke Engine of Ic engine
bySonam Sherpa
 
PDF
Master the FME Connector for ArcGIS: Streamlined Data Management & Robust Met...
bySafe Software
 
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
Josh Chu Boston - An Innovative Technology Executive
byJosh Chu Boston
 
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
SEO in Charleston SC | Local SEO Strategies to Grow Your Business.pdf
bycustomdigitalsolutio1
 
Software Tools for penetration Testing (1).pptx
byAmosCheruiyot13
 
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
Saga: The new era of transactions in a microservices architecture
byGiovanni Marigi
 
TechSprint Kickoff - Everything You Need to Know
bygdgcodecellcmpn
 
Best-Travel-Portal-Development-Solutions-for-Online-Growth
bykashishnagarrajput
 
Effective Ai powered mock interview .pdf
byamazingnishusingh766
 
JAVA Programming Lecture 1 C 4 Yourself.pptx
byyvsbglfaeahuyldzhq
 
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
Flutter & Firebase Session Slides - GDG VESIT
bygdgcodecellcmpn
 
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
Lecture 05. API Security for DevSecOps Eng.pptx
byvinocol222
 
Unit 1 Introduction of Computer Networks
bySuvarnaSharma5
 
Best Bank Statement Converter Software - A Documentation-Based Meta-Analysis ...
bylewisconrada
 
Presentation on Four Stroke Engine of Ic engine
bySonam Sherpa
 
Master the FME Connector for ArcGIS: Streamlined Data Management & Robust Met...
bySafe Software
 

How to hack. Cyprus meetup

  • 1.
    How to hack Securitymeetup, Limassol, 05/15/18 Ivan Novikov (@d0znpp)
  • 2.
    200+ $1M 10+ 1 //(medium|twitter).com/@d0znpp security audits since 2009 totalbug bounties and rewards researches and discovers e-book SSRF bible
  • 3.
    “Gartner Says Worldwide InformationSecurity Spending Will Grow 7.9 Percent to Reach $81.6 Billion in 2016” 2015 $75 B 2016 $81.6 B This bullet definitely costs more than $156.6 B It’s not a silver… Or the weight is about 269’400 tons
  • 4.
  • 5.
  • 6.
    Why? Two importantthings since the 30s No documentation (because of the Apple and UX) ● Try to find documentation for Chrome :) ● How to understand that it’s the bug but not a backdoor Closed source software (because of the Intel et al.) ● What’s does “Intel inside” really mean?
  • 7.
    Layer cake How manylayers do you know? I spent last 10 year for the security and don't sure that know about all of them
  • 8.
  • 9.
  • 10.
    What exactly weare doing Perimeter discovery Vulnerability discovery Exploitation Post-exploitation Risk analysis
  • 11.
    Perimeter discovery NOC Vulnerabilitydiscovery QA engineer Exploitation Developer Post-exploitation DevOps Risk analysis Manager What exactly we are doing
  • 13.
    Main aspects Perimeter. Justknow your perimeter 3rd party components and software. Just know your requirements Test coverage and test plan Monitoring Incident response
  • 14.
    Case #1. Gamingplatform (10+ games under the roof) A hacker found SQL injection because on gaming forum The forum was connected to main players database Hackers started to ‘;INSERT INTO stuff SET (<userid>, <rare-stuff-id>, … Then they sold a lot of stuff for 30% price Crash the entire game economy No users report (all of them were happy)
  • 15.
    Case #2. E-commerceplatform, #1 local market player The point was to ship order with no payment somewhere From the website to corporate network Research how it’s going on inside with shipments Hack the printer and just print an order on it Staff there will use paper to deliver order ;)
  • 16.
    Case #3. Internetbank Client-side vector like really Digital signatures everywhere Stored XSS (Cross Site Scripting) in a news feed JavaScript inject to send transactions when token installed on the client side Use the same JS to hide these transactions from the web page ;)
  • 17.
    Case #4. Paymentsystem, a secured one We tried to hack smth but were failed Perimeter discovery process identified IoT devices inside corporate AS (thanks BGP) Found security cameras which protects private space (home of one of the co-founder) Hacked DVR device (Digital Video Recorded) inside home network Found VPN from there to corporate network Hacked power device in a datacenter to avoid isolation
  • 18.
    Case #5. Hackthem all!
  • 19.
    Thanks! Follow me: @d0znpp Twitter,Medium, Facebook, Telegram, Snapchat https://www.forbes.com/sites/forbestechcouncil/people/ivannovikov/