Shodan is a search engine that indexes internet-connected devices. This document provides an overview of how to use Shodan's basic search functions to identify vulnerabilities, including case studies on default credentials for Cisco devices and other internet of things devices. It also discusses how to defend against Shodan searches and tools for scanning your own network and systems.
What is Shodan?
- Search engine for Internet-connected devices, by John Matherly (@achillean).
- Probes devices on specific ports, aggregates the output and indexes it: in effect, a Google for TCP banners.
- Has a powerful API and Python and Ruby libraries.
- Integrates with Maltego, Metasploit and Armitage.
Find out all the details about the SHODAN search engine - Heaven of Hacker. Check it out for more detail about how SHODAN works and how to use it effectively. More at http://www.shodan.io
5. Outline
What is SHODAN?
Basic Operations
Penetration Testing
Case Study 1: Cisco Devices
Case Study 2: Default Passwords
Case Study 3: Other Example
6. What is Shodan.io?
It is a computer search engine designed by web developer John Matherly (https://twitter.com/achillean). See https://www.shodan.io
Although SHODAN is a search engine, it is very different from content search engines such as Google, Yahoo or Bing.
9. Differences between Shodan and Google
SHODAN interrogates ports and grabs the resulting banners, then indexes the banners (rather than the web content) for searching.
10. Basic Operations: Search
Search terms are entered into a text box. See the following:
Quotation marks can narrow a search.
Boolean operators + and – can be used to include and
exclude query terms (+ is implicit default)
11. Basic Operations: Login
Create a SHODAN account and log in with it.
Login is not required, but the country and net filters are not available unless you log in.
23. Basic Operations: Export
SHODAN lets you export up to 10,000 results per credit in
XML format.
Credits can be purchased online.
Sample data export file is available.
25. Pen Testing: HTTP Status Codes
Status Code        Description
200 OK             Request succeeded
401 Unauthorized   Request requires authentication
403 Forbidden      Request is denied regardless of authentication
26. Pen Testing: Assumptions
“200 OK” banner results will load without any authentication (at least not initially).
“401 Unauthorized” banners with www-authenticate indicate a username and password pop-up box (authentication is possible but not yet accomplished, as distinguished from “403 Forbidden”).
Some banners advertise defaults.
29. Case Study: Cisco Devices
HTTP/1.1 401 Unauthorized
Date: Tue, 10 Oct 2017 02:46:53 GMT
Server: cisco-IOS
Connection: close
Accept-Ranges: none
WWW-Authenticate: Basic realm="level_15 or view_access"

HTTP/1.1 200 OK
Date: Tue, 10 Oct 2017 02:27:21 GMT
Server: cisco-IOS
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
Expires: Tue, 10 Oct 2017 02:27:21 GMT
Last-Modified: Tue, 10 Oct 2017 02:27:21 GMT
30. Case Study: Cisco Results
Search                                 Results
Cisco                                  1,274,229
Cisco-ios                              384,925
Cisco www-authenticate                 630,390
Cisco last-modified                    3,482
Cisco last-modified www-authenticate   54
The results on the previous slide suggest there are potentially 3,400+ Cisco devices that do not require authentication.
33. Case Study: Default Passwords
An example of a “default password” result:
◦ ****** Important Banner Message ******
◦ Enable and Telnet passwords are configured to "password".
◦ HTTP and HTTPS default username is "admin" and password is "password".
◦ Please change them immediately.
◦ The ethernet 0/1 interface is enabled with an address of 10.10.10.1
◦ Telnet, HTTP, and HTTPS access are also enabled.
◦ To remove this message, while in configuration mode type "no banner motd".
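An added example, not part of the original slides: a Python triage of banners collected from your own devices, applying the slide 26 assumptions and the default-password check from this case study. The sample banners are constructed from the ones quoted above; the host names, finding labels and the default-credential regular expression are assumptions of this example.

```python
import re

# Constructed sample banners, modelled on those quoted in the slides.
# Host names are hypothetical inventory labels.
SAMPLE_BANNERS = {
    "rtr-a": ("HTTP/1.1 401 Unauthorized\r\n"
              "Server: cisco-IOS\r\n"
              'WWW-Authenticate: Basic realm="level_15 or view_access"\r\n'),
    "rtr-b": ("HTTP/1.1 200 OK\r\n"
              "Server: cisco-IOS\r\n"
              "Last-Modified: Tue, 10 Oct 2017 02:27:21 GMT\r\n"),
    "sw-c": ("****** Important Banner Message ******\n"
             'Enable and Telnet passwords are configured to "password".\n'
             'HTTP and HTTPS default username is "admin" and password is "password".\n'),
    "web-d": "HTTP/1.1 403 Forbidden\r\nConnection: close\r\n",
}

STATUS_RE = re.compile(r"^HTTP/\d(?:\.\d)?\s+(\d{3})\b")
# Heuristic (an assumption of this example) for banners that announce defaults.
DEFAULT_CRED_RE = re.compile(
    r"default\s+(?:username|user|password)"
    r"|passwords?\s+(?:is|are)\s+(?:configured|set)\s+to", re.IGNORECASE)


def parse_banner(banner):
    """Return (status_code or None, {lower-cased header: value})."""
    lines = banner.replace("\r\n", "\n").split("\n")
    match = STATUS_RE.match(lines[0])
    if not match:
        return None, {}          # not an HTTP banner (e.g. a login MOTD)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(match.group(1)), headers


def audit_banner(banner):
    """Apply the slide 26 assumptions plus the default-password check."""
    status, headers = parse_banner(banner)
    findings = []
    if status == 200:
        findings.append("no-auth-on-first-request")
    elif status == 401 and "www-authenticate" in headers:
        findings.append("auth-prompt-exposed")
    elif status == 403:
        findings.append("denied")
    if DEFAULT_CRED_RE.search(banner):
        findings.append("advertises-default-credentials")
    if headers.get("server"):
        findings.append("discloses-server:" + headers["server"])
    return findings


def needs_attention(banners):
    """Hosts that answer without auth or announce default credentials."""
    urgent = {"no-auth-on-first-request", "advertises-default-credentials"}
    return sorted(h for h, b in banners.items() if urgent & set(audit_banner(b)))


if __name__ == "__main__":
    for host, banner in SAMPLE_BANNERS.items():
        print(host, audit_banner(banner))
    print("review first:", needs_attention(SAMPLE_BANNERS))
```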
40. What is SCADA?
Full name: Supervisory Control and Data Acquisition
A data acquisition and supervisory control system (e.g. wastewater treatment plants, the airport MRT control center)
DCS: Distributed Control System
PLC: Programmable Logic Controller
RTU: Remote Terminal Unit
HMI: Human-Machine Interface
41. SCADA, ICS, DCS: what is the difference?
ICS ~= SCADA ~= DCS
Programmable logic controllers (PLCs)
Discrete process control systems (DPCs)
50. Defend from Google Hacking
http://resources.infosecinstitute.com/defending-from-google-hackers/
http://www.robotstxt.org/orig.html#meta
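A simple rule is that web site administrators can create a robots.txt file listing the locations that search engines should not crawl or store in their cache. The file is only a request honoured by cooperating crawlers, and it is publicly readable, so it is not an access control.
The following allows all robots (or, with googlebot in place of *, only Google's crawler) to visit all files:
User-agent: *
Disallow:
The following keeps them out of the whole site:
User-agent: *
Disallow: /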
51. Defend from Google Hacking
The following meta tag tells all robots not to index the page or follow any links on it.
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
The same tag can address a specific spider by name.
Example: <META NAME="GOOGLEBOT" CONTENT="NOINDEX, NOFOLLOW">
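An added example, not part of the original slides: a Python check of what a robots.txt policy and a robots meta tag actually tell a crawler, useful for verifying your own site before relying on either. The policy strings, the sample pages and the example.com URL are constructed for illustration; the helper names are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser

# Constructed policies: an empty Disallow allows everything, "/" blocks everything.
ALLOW_ALL = "User-agent: *\nDisallow:\n"
BLOCK_ALL = "User-agent: *\nDisallow: /\n"
BLOCK_GOOGLEBOT_ONLY = ("User-agent: googlebot\nDisallow: /\n\n"
                        "User-agent: *\nDisallow:\n")

# Constructed sample pages using the meta tags from the slides.
PAGE_ALL_ROBOTS = '<html><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"></head></html>'
PAGE_GOOGLEBOT = '<html><head><META NAME="GOOGLEBOT" CONTENT="NOINDEX, NOFOLLOW"></head></html>'

KNOWN_DIRECTIVES = {"index", "noindex", "follow", "nofollow",
                    "none", "all", "noarchive", "nosnippet"}


def crawl_allowed(robots_txt, agent, url):
    """True if a cooperating crawler named `agent` may fetch `url`."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return parser.can_fetch(agent, url)


class RobotsMetaParser(HTMLParser):
    """Collect robots directives per meta name (robots, googlebot, ...)."""

    def __init__(self):
        super().__init__()
        self.directives = {}

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        attr = {key: (value or "") for key, value in attrs}
        name = attr.get("name", "").strip().lower()
        tokens = {t.strip().lower() for t in attr.get("content", "").split(",")
                  if t.strip()}
        # Keep only meta tags whose content is made of crawler directives.
        if name and tokens and tokens <= KNOWN_DIRECTIVES:
            self.directives[name] = tokens


def page_indexable(html, agent):
    """True unless the page asks `agent` (or all robots) not to index it."""
    parser = RobotsMetaParser()
    parser.feed(html)
    tokens = parser.directives.get(agent.lower(),
                                   parser.directives.get("robots", set()))
    return not ({"noindex", "none"} & tokens)


if __name__ == "__main__":
    url = "https://example.com/admin/"
    for label, policy in (("allow-all", ALLOW_ALL), ("block-all", BLOCK_ALL),
                          ("block-googlebot", BLOCK_GOOGLEBOT_ONLY)):
        print(label, {a: crawl_allowed(policy, a, url)
                      for a in ("Googlebot", "Bingbot")})
    print("meta robots:", page_indexable(PAGE_ALL_ROBOTS, "bingbot"))
    print("meta googlebot:", page_indexable(PAGE_GOOGLEBOT, "bingbot"))
```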
52. Check your own site - SiteDigger
Gooscan
Sitedigger
Wikto
53. Check your own site - Wikto
Wikto: http://sectools.org/tool/wikto
54. Protect Networks Against Shodan Searches
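Limit the number of publicly exposed services and devices: confirm which devices and services actually need remote access, and verify the firewall rules.
If remote access is required, use a VPN tunnel.
Change the default ports.
Modify the response banner or disable the banner.
Block the IP addresses of the Shodan servers, for example: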
https://geek.net.pl/poradniki/obrona-wyszukiwarka-shodan-lista-adresow-ip
55. Internet of Things Scanner (1/3)
• http://iotscanner.bullguard.com
• Check if your internet-connected devices at home are public on Shodan. If they are, this means they are accessible to the public, and hackers.
Industrial control systems (ICS) are a major segment within the operational technology sector. They comprise systems that are used to monitor and control industrial processes. This could be mine site conveyor belts, oil refinery cracking towers, power consumption on electricity grids or alarms from building information systems. ICSs are typically mission-critical applications with a high-availability requirement.
Most ICSs are either continuous process control systems, typically managed via programmable logic controllers (PLCs), or discrete process control systems (DPCs), which might use a PLC or some other batch process control device.
Industrial control systems (ICS) are often managed via a Supervisory Control and Data Acquisition (SCADA) system that provides a graphical user interface for operators to easily observe the status of a system, receive any alarms indicating out-of-band operation, or enter system adjustments to manage the process under control.