The document discusses the path of cyber security and how to become a hacker or security professional. It outlines the typical steps of penetration testing: reconnaissance and analysis, vulnerability mapping, gaining access, privilege escalation, maintaining access, and covering tracks. It recommends starting with networking and programming skills, focusing on an area of expertise like web security, participating in competitions and creating a practice lab to learn. The presenter gives demonstrations on vulnerable VMs and recommends courses, CTF competitions, and building your own lab to advance your skills in security research, tool development, and operations.
Designing Malware for Modern Red Team and Adversary Tradecraft.
Why use Python for building malware?
Lessons learned and considerations.
as presented in PyCon ID 2021 (05/12/2021)
Small discussion on Echo's Hack In The Zoo (HITZ) 2017
Ragunan Zoo Jakarta
Jakarta, 2017-09-09
Frida? It's a Dynamic Binary Instrumentation. DBI.
Let's see what frida can do for us, reverse engineer.
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao - Shakacon
Since 2014, fifteen new malware or riskware families successfully attacked non-jailbroken iOS devices (e.g., WireLurker, Oneclickfraud, XcodeGhost, InstaAgent, ZergHelper, AceDeceiver), affected thousands of iOS apps and tens of millions of users around the world. Ten of them even bypassed Apple’s code vetting and occurred at App Store. In this presentation, we will systematically study how these malware, riskware and some Proof-of-Concepts could infect non-jailbroken devices via practical vectors and approaches including abusing development certificates, bypassing code review by obfuscation, performing FairPlay MITM attack, abusing MDM solution, abusing private APIs, exploiting design flaws or app level vulnerabilities, and stealing privacy data. For each topic, we will introduce its implementation, explore real world cases, analyze its risks and consequences, explain Apple’s countermeasures, and discuss why some problems will still exist in the near future. We will also share some stories of how we discovered those interesting iOS malware. Through this topic, audiences could make more effective policies to protect iOS devices in their organizations, build their own systems/tools to evaluate security risks in iOS apps, and hunt more iOS malware in the future.
Lateral Movement: How attackers quietly traverse your Network - EC-Council
After successfully attacking an endpoint and gaining a foothold there, sophisticated attackers know that to get to the valuable data within an organization they must quietly pivot. From reconnaissance to escalation of privileges to stealing credentials, learn about the tactics and tools that attackers are using today.
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux... - Edureka!
( ** Edureka Online Training: https://www.edureka.co/cybersecurity-certification-training ** )
This Edureka "Ethical Hacking using Kali Linux" video will give you an introduction to Ethical Hacking and Kali Linux. This video will give you an exhaustive video on the fundamentals of Kali Linux and teach how to use the operating system along with its various tools. Below are the topics in this video:
What is ethical hacking?
What is Kali Linux?
Why use Kali Linux?
Command Line Essentials
Proxychains
Macchanger
Wireless Penetration Testing
Cracking WPA2 using Aircrack-ng & Crunch
Instagram: https://www.instagram.com/edureka_lea...
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Malware analysis, threat intelligence and reverse engineering - bartblaze
In this presentation, I introduce the concepts of malware analysis, threat intelligence and reverse engineering. Experience or knowledge is not required.
Feel free to send me feedback via Twitter (@bartblaze) or email.
Blog post: https://bartblaze.blogspot.com/2018/02/malware-analysis-threat-intelligence.html
Labs: https://github.com/bartblaze/MaTiRe
Mind the disclaimer.
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det... - Positive Hack Days
Author: John Bambenek
The cat-and-mouse game between malware researchers and malware operators has been going for years. The defense community is getting faster at responding to growing threats and taking down command and control centers of malware operators before they cause too much damage. Meanwhile, “bad guys” are building multitier redundant architectures utilizing P2P networks, Tor, and domain generation algorithms (DGA) to improve availability of supporting infrastructure against take-down operations. This report will cover the research of both American and Russian analysts into the use of such techniques and what can be learned about the adversaries who use them. Additionally, the speaker will introduce a new tool that helps researchers dig into DGAs.
kali operating system LINUX UNIX MAC Window presentation ubanto MAC KAli features compare of kali and unix in hindi easy present ppt slideshare tolls hacking penetration ethical hacking KALI top ten feature best hacking tool
Pre-auth SYSTEM RCE on Windows Is more common than you think
----
With minimal to no effort, we can gain SYSTEM level access to hundreds, if not, thousands of machines on the internet [remotely]. No, this is not a new super 1337 exploit and no this is not even a new technique. No super fancy website with poorly designed logo is necessary, there is nothing new here. Tim and Dennis have discovered that something only stupid sysadmins would do turns out to be much more prevalent than expected. What starts off as a sysadmin's innocent attempt to fix an issue, turns into complete compromise of entire servers/workstations with no effort needed from the attacker. Tim and Dennis will discuss how we came to this realization and explain how we automated looking for these issues in order to find hundreds of vulnerable machines over the internet. Tim and Dennis explain the tool developed for automation, provide statistics discovered from our research, and go over ways to protect yourself from falling victim to the issue.
Creating HAGRAT, A Remote Access Tool (RAT) and the related Command and Control (C2) infrastructure for Penetration Testing exercises that simulate persistent, targeted attacks.
Deploying a Shadow Threat Intel Capability at Thotcon on May 6, 2016 - grecsl
In the presentation that threat intel vendors do not want you to see, open source and internal data meets home grown resources to produce actionable threat intelligence that your organization can leverage to stop the bad guys. This presentation discusses and shows examples of using what you already have to bootstrap this capability using existing data management platforms with open and flexible schemas to ease identification of advanced threats. Specific topics covered include the advantages of using open and flexible platforms that can be molded into a data repository, a case tracking system, an indicator database, and more. By analyzing this data organizations can discover trends across attacks that help them understand their adversaries. An example nosql schema will be released to help attendees create their own implementations.
ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ... - Andrew Morris
In this talk, I'll be discussing my experience developing intelligence-gathering capabilities to track several different independent groups of threat actors on a very limited budget (read: virtually no budget whatsoever). I'll discuss discovering the groups using open source intelligence gathering and honeypots, monitoring attacks, collecting and analyzing malware artifacts to figure out what their capabilities are, and reverse engineering their malware to develop the capability to track their targets in real time. Finally, I'll chat about defensive strategies and provide recommendations for enterprise security analysts and other security researchers.
An overview of all things that can go wrong when developers attempt to implement a Chain of Trust also called "secure boot". Starting from design mistakes, we look at crypto problems, logical and debug problems and move towards Side Channel Attacks and Fault Injection.
Focused on Automotive, Pay-TV, Gaming and mobile devices.
Two Days National Level Workshop on Network Security on February 27th and 28th 2015 organized by Department of Computer Science, Rathinam College of Arts and Science, Eachanari, Coimbatore.
The sessions are handled by Mr. Neeraj Kumar, Associate Consultant Information and Network Security, UTL Technologies, Bangalore.
The program was organized in association with UTL Technologies, Bangalore.
ESET researcher Aryeh Goretsky explains in this presentation why he hates the term Advanced Persistent Threats (APT), what are the common mechanisms of APT and what are the defensive technologies.
Slides I presented at PyCon 2019 (Surabaya, 23/11/2019)
Red-Teaming is a simulation of real world hacking against organization. It has little to no limit of time, location, and method to attack. Only results matter. This talk gives insight about how “hacker” works and how python can be used for sophisticated series of attack.
2023 NCIT: Introduction to Intrusion Detection - APNIC
APNIC Senior Security Specialist Adli Wahid presents an Introduction to Intrusion Detection at the 2023 NCIT, held in Suva, Fiji from 17 to 18 August 2023.
Seminar on Mobile Forensic and Computer Security 2017
Universitas Ahmad Dahlan
Yogyakarta, 2017-02-17
dracOs is a linux distro for cyber security activity. But most of us know cyber security as offensive activity. How about digital forensic?
Here we are discussing about dracOs and masterplan for digital forensic in future release.
This is a presentation I gave to senior high school students. The 1st part is an overview the 2nd part is more detailed on the ways to perform the Ethical Hacking.
Need my help? Contact Keith Brooks via one of the following ways:
Blog http://blog.vanessabrooks.com
Twitter http://twitter.com/lotusevangelist
http://about.me/keithbrooks
Understand How Machine Learning Defends Against Zero-Day Threats - Rahul Mohandas
Detection Challenges
Machine Learning Approaches
Modeling Machine Learning classifiers
Attacks on Machine Learning Defenses
Real Protect
Deep Learning in Sandbox
Man in the Middle, classic but still relevant.
What is MITM? How to achieve it? What impact does it have?
Find out MITM in this presentation (Jakarta, 25/07/2020)
Preparation, Activities, Challenges.
How do you start a career in cyber security?
What do you need to prepare?
What are the routines and activities involved?
Find out more in this presentation of mine (Jakarta, 24/06/2020)
Small talk about IoT security, especially IoT pentesting for beginners. What exactly is IoT and how do we test it?
Live on Ethical Hacker Indonesia
April 14th 2020
Slides I presented at the MII-Intel Seminar (Jakarta, 30/10/2019)
IoT is the Future. Or even, IoT is widely adopted now.
Are you sure you are prepared enough for it? Are you confident that your IoT solution is secure?
Presentation for Roadshow of Cyber Security Marathon 2018
Mozilla Community Space
Jakarta, 2018-01-20
How many of you know firmware?
Then how many of you know that firmware can be reversed?
Let's see how can we do that.
The Offensive Python: Practical Python for Penetration Testing - Satria Ady Pradana
Presentation for Roadshow of Cyber Security Marathon 2018
Code Margonda
Depok, 2018-01-11
So you got python? How far can you push your python?
Why would hackers love python?
It's not hard to know that python is amazing language. But how amazing it could be for cyber security? Let's see by getting our hands dirty, from simple tasks to more challenging action
From Reversing to Exploitation: Android Application Security in Essence - Satria Ady Pradana
Seminar on Explicit's Art of Hacking
Telkom University Bandung
Bandung, 2017-11-04
Android security mostly seen as only "exploiting the device with RAT" and some of it. Here, I want to show that there are more than that.
Presentation on Technostar 2017
STMIK Jakarta STI&K
Jakarta, 2017-10-10
General overview of android security from hacker's perspective. Android security mostly seen as only "exploiting the device with RAT" and some of it. Here, I want to show that there are more than that.
2017-07-16
A training for learning the internal of malware.
This version is the compressed version of Malware Engineering & Crafting.
We talk about malware as well as crafting the simple working malware. The goal of this session is to understand malware internal so one can have tactics to combat it.
Reverse Engineering: Protecting and Breaking the Software (Workshop) - Satria Ady Pradana
Workshop on Let's Secure Your Code
Universitas Muhammadiyah Surakarta
Surakarta, 2017-05-02
This workshop is a small introductory to Reverse Engineering, with C# and CIL as focus.
The crackme: https://pastebin.com/AS8NEtLc
The challenge: https://pastebin.com/Tb0MutfK
Reverse Engineering: Protecting and Breaking the Software - Satria Ady Pradana
Presentation on Let's Secure Your Code
Universitas Muhammadiyah Surakarta
Surakarta, 2017-05-01
Introduction to Reverse Engineering.
This presentation is focusing on software or code, emphasizing on common practice in reverse engineering of software.
Memory Forensic: Investigating Memory Artefact (Workshop) - Satria Ady Pradana
Workshop of memory forensic
Atmajaya University
Yogyakarta, 2017-04-29
What is memory forensic? How could it be important? How can we use memory forensic in certain case? Should we do memory forensic?
This is the workshop side with hands-on material.
Presentation of memory forensic
Atmajaya University
Yogyakarta, 2017-04-29
What is memory forensic? How could it be important? How can we use memory forensic in certain case? Should we do memory forensic?
Presentation on STMIK Nusa Mandiri.
Jakarta, 2017-04-25
This talk is an insight about hacking and cyber security in general. Giving the audience the sense of security and fundamental concept of this field.
Presentation at ID Cert Malware Summit 2017
Bandung, 2017-04-13
This presentation consists of several slides covering the presentation's subtopics. The narration and explanations are in the notes on each slide.
Workshop on Mobile Forensic and Computer Security 2017
Universitas Ahmad Dahlan
Yogyakarta, 2017-02-17
dracOs is a linux distro for cyber security activity. But most of us know cyber security as offensive activity. How about digital forensic?
Here we are discussing about dracOs and masterplan for digital forensic in future release.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
7. We Have So Many Colors
• White Hat
• Gray Hat
• Black Hat
• Red Hat
• Blue Hat
• Green Hat
• etc
http://xathrya.id/ 7
8. The Essence of Hacking
• Getting and using other people’s computers (without getting caught)
• Defeat protection to attain some goals.
• Exploiting something and gaining profit.
• To have fun.
9. But my talk won’t cover hacking as crime.
Refine the word “hacker” to be “security professional”.
We have two sides:
• Attacker
• Defender
10. Be Defender
• Know why you do this.
• Know how an attacker (might) attack.
• Know how to defend yourself, your assets, etc.
• Know what to do when something happens.
• Know why it can be like this.
(If you are screwed, at least you know why)
11. Be Attacker
• Know how the target is organized.
• Know how the target reacts to certain events.
• Have vast knowledge about systems.
• Know how to be “evil” (not necessary to be one)
12. But I bet you attend this meeting to be an attacker.
14. Stage 1: Reconnaissance
Gathering information, searching for valuable information related to our target. Analyze and extract knowledge if appropriate.
Basically:
• Footprinting
• OSINT (Open-Source INTelligence)
16. • Reconnaissance is about intelligence gathering.
• Gaining facts, inferring something, relating back to the target.
• Direct and indirect relevance might be helpful in later stages.
• The more useful information you get, the better chance you have to compromise.
17. Footprinting
Gather information about the nodes, machines, systems, and infrastructure used.
Grasping the environment before execution.
• Publicly exposed machines
(which ones are available to us)
• Open ports
(doors available for us to get in)
• Network
(relation of other systems)
• Application
(ex: version)
• Server specifics
(OS, kernel, important drivers, existing services, etc)
18. OSINT
• Open Source INTelligence
• Open = overt, publicly available source
• Not about Open-Source Software.
• Try to google yourself, did you find something useful?
20. Now apply the same principle to a target in cyberspace.
21. Stage 2: Vulnerability Mapping
Mapping threats and potential breaches to the information found.
• Based on the system we found, what threats are available?
• How can we conduct an attack?
• Prioritize the list, decide which one gives the greater chance of success.
Simulate scenarios to break in before we get to the next stage.
22. Your Goal!
• Find possible paths to penetrate the target.
• Creating a Threat Model is helpful.
23. Stage 3: Gaining Access
The actual penetrating phase. Our purpose is to break in, using the vulnerabilities found in previous steps.
Or we might gain something when we are in this process. Just populate the list.
24. Your Goal!
• Break in / compromise.
• Create a connection (persistent / non persistent) between target and us. Mostly reverse connection.
– Setup listener to receive callback.
– Plant backdoor.
• Do something in target.
– Ex: Create new user
25. Stage 4: Privilege Escalation
When we break in, we might not have enough privilege to take over. Therefore, we need to exploit something else to gain higher privilege.
26. Your Goal!
• Acquire highest or enough privilege to do something.
27. Stage 5: Maintaining Access
If we want to do a long-time campaign, we need to keep the access to the compromised host available.
Incorporating malware is one of the preferred ways.
28. Your Goal!
• Keep access to yourself or your team.
29. Stage 6: Covering Tracks
Don’t leave any trace.
• Delete logs
• Fabricate logs
(smarter yet trickier way)
Create fake evidence (might be predefined)
• Memory and Pool
• File
30. Bonus Stage
Basically do your mission or fulfill the objective.
• Dump data
• Maintain persistent access
• Harvest credentials
• Pivoting
• Proxying
• Etc
32. How Could I be the One?
Starting Path:
• Networking
• Programming
Security is another application of computer science, with several extras.
Deep understanding of the subjects gives better results.
Extra communication skills are better.
33. Area of Expertise
Some of the fields (not all):
• Network Security
• Web Security
• Mobile Security
• IoT & Embedded System Security
Pick one and dive into it.
34. Exploits
• What is it?
• Why is it important?
• How to develop one?
An exploit is specific to a certain product or family of products having the same / similar vulnerability.
35. • Given code, find bugs
• Given bugs, how to coerce them into an exploit?
• Given exploit, how do you deploy it?
• Given pwned system, how do you hide yourself?
37. Demo 1 (Web Security)
• Turn VirtualBox / VMware on!
• Use bWAPP VM
38. Demo 2
• Certain boot2root VM
• Get the write-up on DracOS repository
39. Okay, so where can we REALLY start learning?
(Assuming you want to be an expert)
• Take a course on computer science (seriously)
• Participate in competitions
– CTF
– Wargame
• Create a practice lab
40. CTF
• Good environment to learn.
• What a normal security professional would do day to day… on easy mode.