The document provides an overview of real life hacking 101, beginning with information gathering techniques like WHOIS lookups and port scanning to identify entry points and vulnerabilities. It discusses indirect requests like searching public records and direct requests like fingerprinting systems. It covers common system vulnerabilities from configuration errors to weak password policies and out-of-date patching. The document also explains common web application vulnerabilities like cross-site scripting, SQL injection, and CSRF attacks that abuse user inputs. It emphasizes the importance of secure development practices and security testing to prevent exploits.
Malware analysis, threat intelligence and reverse engineering (bartblaze)
In this presentation, I introduce the concepts of malware analysis, threat intelligence and reverse engineering. Experience or knowledge is not required.
Feel free to send me feedback via Twitter (@bartblaze) or email.
Blog post: https://bartblaze.blogspot.com/2018/02/malware-analysis-threat-intelligence.html
Labs: https://github.com/bartblaze/MaTiRe
Mind the disclaimer.
CheckPlease is the go-to repository for the newest targeted payload and sandbox-detection modules. This repository is for defenders to harden their sandboxes and AV tools, malware researchers to discover new techniques, and red teamers to get serious about their payloads.
Presented at Steelcon 2017
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ... (grecsl)
Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when it's time to pass the more serious samples on to the big boys. This presentation covers several analysis environment options and the three quick steps that allow almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a "ninja" per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.
ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ... (Andrew Morris)
In this talk, I'll be discussing my experience developing intelligence-gathering capabilities to track several different independent groups of threat actors on a very limited budget (read: virtually no budget whatsoever). I'll discuss discovering the groups using open source intelligence gathering and honeypots, monitoring attacks, collecting and analyzing malware artifacts to figure out what their capabilities are, and reverse engineering their malware to develop the capability to track their targets in real time. Finally, I'll chat about defensive strategies and provide recommendations for enterprise security analysts and other security researchers.
RIoT (Raiding Internet of Things) by Jacob Holcomb (Priyanka Aash)
The recorded version of 'Best Of The World Webcast Series' [Webinar] where Jacob Holcomb speaks on 'RIoT (Raiding Internet of Things)' is available on CISOPlatform.
Best Of The World Webcast Series are webinars where breakthrough/original security researchers showcase their study, to offer the CISO/security experts the best insights in information security.
To sign up (it's free): www.cisoplatform.com
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak... (CODE BLUE)
Japan is recently experiencing a rise in targeted attacks. However, it is rare that details of such attacks are revealed. Under this circumstance, JPCERT/CC has been investigating the attack operations targeting Japanese organizations including the government and leading enterprises. We have especially been tracking two distinct cases over a prolonged period.
The first case, which became public in 2015, drew nationwide attention for victimizing several Japanese organizations. In this case, the attacker conducts sophisticated attacks through network intrusion and targeting weak points of the organizations.
The second case has been continuously targeting certain Japanese organizations since 2013. Although this case has not drawn as much attention, the attacker has advanced techniques and uses various interesting attack methods.
This presentation will introduce the above two attack operations, including attack techniques we revealed through prolonged investigation, the malware/tools being used, as well as useful techniques/tools for analyzing related malware.
Ethical hacking is the process by which an authorised individual uses the methods and techniques of an adversary (hacker) with the intention of identifying vulnerabilities before an organisation is compromised. In order to understand how an attacker identifies, targets and compromises a system, this workshop will begin with a case study—but this won’t be a boring lecture on what went wrong. This will be a live-hack demo where you will experience the process from first encounter through full network access.
This presentation was delivered at RSA Asia Pacific and Japan in Singapore on the 16th July 2019.
This is the slide deck that I used when presenting at FSU's Cyber Security Club. This presentation was supposed to give a description of what Red Teaming, Pen Testing, and other roles do.
The Hunter Games: How to Find the Adversary with Event Query Language (Ross Wolf)
Circle City Con 2019 and BSides SATX 2019
Abstract:
How do you find malicious activity? We often resort to the cliche, you know it when you see it, but how do you even see it, without drowning in data? MITRE’s ATT&CK knowledge base organizes adversary behavior into tactics and techniques, and orients our approach to endpoint data. It suggests questions that might be worth asking, but not a way to ask them. The Event Query Language (EQL) allows a security analyst to naturally express queries for IOC search, hunting, and behavioral detections, while remaining platform and data source agnostic.
In this talk, I will demonstrate the iterative process of establishing situational awareness in your environment, creating targeted detections, and hunting for the adversary in your environment with real data, queries, and results.
One of the most important factors supporting the protection of critical network infrastructure is the reaction time of the security incident response team (Incident Response Team).
The faster, the better. Solutions supporting early attack detection based on passive analysis of DNS queries, NetFlow data sets or PCAP are worth complementing with honeynet infrastructure, which is increasingly appreciated and used in production. Sensible placement of honeypot sensors in different network segments allows an attack to be detected already in the initial phases of reconnaissance and enumeration. Thanks to honeypots we will often also obtain detailed information about a new attack technique, an attempt to exploit a 0-day bug, or a very specific use of tools that have been known for years.
"Know your enemy" - this is the motto we should follow in developing the defensive skills of security teams, and a honeypot network definitely has great value here.
During the talk I will try to present the ways of using, and the possibilities offered by, open source honeypot solutions. We will talk about individual projects imitating real services (DNS, SMB, SSH, SCP/SFTP, FTP, telnet, HTTP, TFTP, MySQL/MSSQL, RDP and many others), injecting honeypot content into web applications through a reverse proxy, attacking the attackers ;), and finally dedicated platforms with a built-in ELK stack.
This presentation is a fun introduction to the tools used by script kiddies, namely the Remote Admin Tools (or Remote Access Trojans). These GUI based hacking tools include a lot of funny and scary features.
2023 NCIT: Introduction to Intrusion Detection (APNIC)
APNIC Senior Security Specialist Adli Wahid presents an Introduction to Intrusion Detection at the 2023 NCIT, held in Suva, Fiji from 17 to 18 August 2023.
Cambodia CERT Seminar: Incident response for ransomware attacks (APNIC)
Senior Security Specialist Adli Wahid presents on incident response for ransomware attacks at the Cambodia CERT Seminar, held online on 13 August 2021.
Protecting Financial Networks from Cyber Crime (Lancope, Inc.)
Financial services organizations are prime targets for cyber criminals. They must take extreme care to protect customer data, while also ensuring high levels of network availability to allow for 24/7 access to critical financial information. Additionally, industry consolidation has created large, heterogeneous network environments within large financial institutions, making it difficult to ensure that networks have the necessary visibility and protection to prevent a devastating security breach. By leveraging NetFlow from existing network infrastructure, financial services organizations can achieve comprehensive visibility across even the largest, most complex networks. The ability to quickly detect a wide range of potentially malicious activity helps prevent damaging data breaches and network disruptions. Attend this informational webinar, conducted by Lancope’s Director of Security Research, Tom Cross, to learn:
– How NetFlow can help quickly uncover both internal and external threats
– How pervasive network insight can accelerate incident response and forensic investigations
– How to substantially decrease enterprise risks
The Supporting Role of Antivirus Evasion while Persisting (CTruncer)
This talk goes over different techniques to evade detection by antivirus programs, talks about how Veil-Evasion evades the programs, and shows an AV signature bypass. It also then documents a large number of techniques on how actors can persist in networks.
Every IR presents unique challenges. But - when an attacker uses PowerShell, WMI, Kerberos attacks, novel persistence mechanisms, seemingly unlimited C2 infrastructure and half-a-dozen rapidly-evolving malware families across a 100k node network to compromise the environment at a rate of 10 systems per day - the cumulative challenges can become overwhelming. This talk will showcase the obstacles overcome during one of the largest and most advanced breaches Mandiant has ever responded to, the novel investigative techniques employed, and the lessons learned that allowed us to help remediate it.
Details a massive intrusion by Russian APT29 (AKA CozyDuke, Cozy Bear)
2. Who am I?
● Batard Florent
● http://code-artisan.io
● @artisan_code
● Security Engineer
– Ethical Hacker for 10 years
– Security Contests (0daysober)
– Globe Trotter (UK, USA, Switzerland, France, Japan)
– Lately on the Defense side as a programmer
3. Summary
● Introduction
● Information gathering
● Indirect requests
● Direct requests
● System security
● Configuration errors
● Password policy
● Patching
● Web Security
– XSS
– SQL Injection
– CSRF
4. What is Hacking?
Using or abusing a resource in a way that was not predicted by its creator, in order to change its behavior
5. Attack chronology
● Information gathering
– Getting information about the target
– Indirect / Direct requests
– Fingerprinting
● Analysis
– Determining the security flaw
– Discovering the tools to perform the attack
● Attack
– Exploitation
● Expand in the network
– Spread in the internal network
7. Introduction
● The first step of any attack is the information gathering process
● Identify the entry points of the target
● List all the public information we can use
● Other information can be gathered with technical tools
● The most effective way is « social engineering »
– Contact the target and ask them for sensitive information (freshman, secretary...)
8. Indirect requests
● « Whois » database listing
● All the information asked for during the registration process
– Administrative information
● Name, address, phone number
– Technical information
● DNS server
● Email addresses for social engineering
● IP range of the target
● All this information is public
9. WHOIS
● Use of the tool « whois »
● whois domain.tld or whois <IP address>
Domain Information:
a. [Domain Name] WHIZZ-TECH.CO.JP
g. [Organization] Whizz Technology Co., Ltd.
l. [Organization Type] Company
m. [Administrative Contact] HS9536JP
n. [Technical Contact] HS9536JP
p. [Name Server] ns1.whizz-tech.co.jp
s. [Signing Key]
[State] Connected (2015/03/31)
[Registered Date] 2005/03/29
[Connected Date] 2005/06/18
[Last Update] 2014/04/01 01:41:01 (JST)
Contact Information: [ 担当者情報 ]
a. [JPNIC ハンドル ] HS9536JP
b. [ 氏名 ] 杉本 展将
c. [Last, First] Sugimoto, Hiroyuki
d. [ 電子メイル ] hiroyuki@whitemap.net
f. [ 組織名 ] 有限会社ウィズテクノロジー
g. [Organization] Whizz Technology Co., Ltd.
k. [ 部署 ]
l. [Division]
m. [ 肩書 ] 代表取締役
n. [Title] President
o. [ 電話番号 ] 06-6242-7288
p. [FAX 番号 ]
y. [ 通知アドレス ]
[ 最終更新 ] 2005/03/29 12:02:01 (JST)
form@dom.jprs.jp
10. Indirect requests
● SNS (social networking sites)
– Every bit of public information published can be used against you
– Information is used to build a password bank tailored to hack you (https://github.com/Netflix/Scumblr)
● People Search
– https://pipl.com/
– http://www.peekyou.com/
11. Direct requests
● Active discovery on the network
● Port scan
– Identify open ports
– Several methods can be used
● Fingerprinting
– Getting the banner of services
– Identify the service and its version
– Identify the Operating System
14. Other methods
● SNMP
– Identify the SNMP community
– Get information on the target
● NetBIOS
– Communication protocol for Windows
– Guest/Null account sometimes activated
● Enumerate shared folders
● Enumerate users/groups/administrators
15. Social Engineering
● The art of manipulating people to make them reveal sensitive information
– Phone the target pretending to be someone else
– The victim often doesn't realize what they are doing
● We will use everything we discovered through indirect requests
● Most of the time it's the most effective way to retrieve useful information
● Difficult to protect your company against
17. System vulnerability
● What is a « system » vulnerability?
● Configuration mistake
– Leaving the default configuration
– High privileges for low tasks
● Bad password policy
– Default password
– Weak password
● Bad patching policy
– New vulnerabilities, but the OS is not up to date
● Easy exploitation
19. Configuration error
● Development configuration kept after production deployment
● Devices
– Default SNMP community
– Installation password
● Applications
– Default password
– Debugging activated
– Example files
20. Password policy
● The most secure system will always be weak if it is protected by a password that is too simple
● Usually people will choose the easiest password a system can accept
– Hacking is even easier if passwords aren't strong enough
● Passwords should be stored encrypted (hashed) by the application
– If a hacker gets into the database, all passwords will be revealed
● Users usually re-use the same password everywhere
21. Password types
● Not accessible (stored in a database)
– The hacker must interactively break the password, causing noisy logs
● Encrypted/Hashed passwords
– Allow discreet offline attacks
● Cleartext passwords
– = win!
22. Password attacks
● Interactive
– No encrypted version of the password
– Tools: Medusa, Hydra
– Slow and noisy
● Offline
– Possess an encrypted version of the password
– Tools: John The Ripper, Cain, L0phtcrack
– Quick and discreet, but not always possible
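Slides 20 to 22 make two points a developer can act on: users pick the weakest password the system accepts, and once a database leaks, cleartext is an instant win while a plain hash still allows quiet offline guessing. The following is an added example (not code from the deck) of a policy check plus salted, iterated hashing; the length threshold, iteration count and the tiny common-password list are assumptions chosen for the example.

```python
"""Password policy enforcement and PBKDF2 storage (added example)."""
import hashlib
import hmac
import secrets
from typing import Dict, List

MIN_LENGTH = 12                 # assumption: minimum acceptable length
PBKDF2_ITERATIONS = 600_000     # assumption: work factor that slows offline guessing
# Constructed sample of "easiest passwords a system accepts"; a real
# deployment would check against a large breached-password list instead.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "admin", "welcome1"}


def check_policy(password: str, username: str) -> List[str]:
    """Return the list of policy violations (an empty list means acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("in the common-password list")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    return problems


def hash_password(password: str, salt: bytes = b"") -> str:
    """Store PBKDF2-HMAC-SHA256 with a random per-user salt, never cleartext.

    Stored format: pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>
    """
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def register(username: str, password: str, store: Dict[str, str]) -> bool:
    """Accept the account only if the policy passes; persist the hash only."""
    if check_policy(password, username):
        return False
    store[username] = hash_password(password)
    return True
```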
23. Patching
● Update management
– Needs a security policy in the company
– The latest patches should always be deployed on ALL machines
● One vulnerable computer can be the entry point for the whole network
– As an attacker it's always more convenient to attack the most vulnerable machine on the network
● Tools to know: Metasploit, Nessus
24. Problems
● Vulnerabilities are often released publicly
– Accessible to anybody
– Automatic scripts to exploit them
● Typically
– Discovery through a vulnerability scanner like Nessus
– Exploit the vulnerability with Metasploit
– At the end → total control of the target
26. Application Vulnerabilities
● Target a specific application
– Out of scope for the system administrator
– Developers' responsibility
● The hacker can modify the behavior of the application
– Use of the application that wasn't planned by the developers
● Nowadays, most likely in web applications
27. Parameters
● Users can interact with a website through parameters:
● GET: parameters sent in the URL
– search.php?query=toto
● POST: parameters sent in the message body
– Usually for form submission
● These parameters can ALWAYS be tampered with by an attacker
● Tools to know: BurpSuite, OWASP ZAP, Postman
28. Cross-Site Scripting
● Allows code execution in the browser, most likely in JavaScript
● The problem occurs when user input is interpreted as regular client-side source code
● The hacker can inject HTML tags and JavaScript inside the page
– Control over the display of the page
● Images
● JavaScript (frameworks & components)
– Use your page for evil purposes: http://beefproject.com
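Reflected XSS on the search page from slide 27 (search.php?query=...), as an added example that is not code from the deck: the page template and helper names are assumptions, and the bug is the one slide 28 describes, user input pasted into the HTML so the browser parses it as markup. The hardened version encodes the value separately for each HTML context it lands in (text node and quoted attribute), which is the check the « <script>alert('hello')</script> » test case of slide 35 should exercise.

```python
"""Reflected XSS: vulnerable and hardened rendering of a search page (added example)."""
from html import escape
from urllib.parse import parse_qs, urlsplit

# Constructed page template: the query lands in two HTML contexts,
# a text node (<h1>) and a double-quoted attribute (value="...").
TEMPLATE = (
    "<html><body>\n"
    "<h1>Results for: {text}</h1>\n"
    '<form><input name="query" value="{attr}"></form>\n'
    "</body></html>"
)


def query_param(url: str) -> str:
    """Extract the GET parameter 'query' exactly as the browser sent it."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("query", [""])[0]


def render_vulnerable(query: str) -> str:
    """User input is inserted unchanged, so the browser parses it as markup:
    a <script> tag in the parameter becomes part of the page."""
    return TEMPLATE.format(text=query, attr=query)


def render_safe(query: str) -> str:
    """Same page, but the value is encoded for each context it lands in:
    <, >, & in the text node; additionally quotes inside the attribute."""
    return TEMPLATE.format(text=escape(query, quote=False),
                           attr=escape(query, quote=True))


def has_live_script(html: str) -> bool:
    """Test helper: does a real <script> tag survive in the rendered output?"""
    return "<script" in html.lower()


def attribute_value(html: str) -> str:
    """Test helper: what ended up between the quotes of value="..."."""
    start = html.index('value="') + len('value="')
    return html[start:html.index('"', start)]
```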
30. SQL Injection
● SQL is the language used to query databases
● To select data:
– SELECT column_name FROM table WHERE condition
● Example
– SELECT contenu FROM news WHERE id=1
● Used by websites to retrieve persistent information
31. SQL Injection examples
● Original request:
– http://site/news.php?id=1
– SELECT * FROM news WHERE id = 1
– Returns the news item with id 1
● Hijacked request:
– http://site/news.php?id=1 OR 1=1
– SELECT * FROM news WHERE id = 1 OR 1=1 // always TRUE
– Returns all the news!
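The two requests above, run against an in-memory SQLite table, as an added example that is not code from the deck: the table and column names (news, contenu) follow the slides, the rows are constructed, and the hardened query binds the id as a parameter after type validation. The « OR 1 = 1 » test case from slide 35 is exactly what the tautology check below turns into a unit test.

```python
"""SQL injection: string concatenation versus parameter binding (added example)."""
import sqlite3
from typing import List, Tuple
from urllib.parse import parse_qs, urlsplit

# Constructed sample rows; id 3 stands in for data a visitor should not see.
SAMPLE_NEWS = [(1, "First news item"), (2, "Second news item"), (3, "Unpublished draft")]


def make_db() -> sqlite3.Connection:
    """Create the news table the slides query, filled with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, contenu TEXT)")
    conn.executemany("INSERT INTO news VALUES (?, ?)", SAMPLE_NEWS)
    return conn


def id_param(url: str) -> str:
    """The raw 'id' GET parameter, exactly as the attacker controls it."""
    return parse_qs(urlsplit(url).query).get("id", [""])[0]


def fetch_news_vulnerable(conn: sqlite3.Connection, raw_id: str) -> List[Tuple[int, str]]:
    """String concatenation: the parameter becomes part of the SQL text,
    so 'id=1 OR 1=1' turns the WHERE clause into a tautology."""
    sql = "SELECT * FROM news WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def fetch_news_safe(conn: sqlite3.Connection, raw_id: str) -> List[Tuple[int, str]]:
    """Validate the type, then bind the value: the driver sends it as data,
    so it can never change the structure of the query."""
    try:
        news_id = int(raw_id)
    except ValueError:
        return []
    return conn.execute("SELECT * FROM news WHERE id = ?", (news_id,)).fetchall()
```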
33. Goal for the hacker
● Hijack the authentication process
● Explore the database
● Retrieve hidden information
– Passwords of users and admins
● Interaction with the system through the database
– Read files
– Write files
– Command execution
34. Cross Site Request Forgery
● Scenario:
– http://mybank.com/?transfer=100&from=123&to=321
– You have an active session => request accepted
● What if I send you that link in an iframe or a mail?
– I can forge an address to compromise you
– The session is still active, so it will be accepted
– CSRF token = unpredictable token we cannot forge
● Same idea: set the email or reset the password
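The bank transfer scenario above, as an added example that is not code from the deck: a handler that accepts the request on the session alone (the vulnerable behaviour), and the same handler requiring the unpredictable token the slide asks for. Account numbers, session ids and the server secret are constructed; deriving the token as an HMAC of the session id under a server secret is one common way to make it unforgeable and bound to the session.

```python
"""CSRF: a valid session alone must not authorize a state-changing request (added example)."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

SERVER_SECRET = secrets.token_bytes(32)                   # constructed, per-process secret
SESSIONS: Dict[str, str] = {"sess-victim-7f3a": "123"}     # session cookie -> account id
BALANCES: Dict[str, int] = {"123": 500, "321": 0}          # constructed account balances


def issue_csrf_token(session_id: str) -> str:
    """Token the legitimate page embeds in its form: bound to this session
    and not computable by a third-party site without SERVER_SECRET."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def valid_csrf_token(session_id: str, token: Optional[str]) -> bool:
    """Constant-time comparison against the token this session should carry."""
    if not token:
        return False
    return hmac.compare_digest(issue_csrf_token(session_id), token)


def transfer(session_cookie: Optional[str], amount: int, src: str, dst: str,
             csrf_token: Optional[str] = None, check_csrf: bool = True) -> str:
    """Handle /?transfer=AMOUNT&from=SRC&to=DST and return an outcome string.

    check_csrf=False reproduces the slide's vulnerable bank: the browser
    attaches the session cookie to a forged link, so the request goes through.
    """
    account = SESSIONS.get(session_cookie or "")
    if account is None:
        return "rejected: no valid session"
    if check_csrf and not valid_csrf_token(session_cookie, csrf_token):
        return "rejected: missing or wrong CSRF token"
    if account != src or BALANCES.get(src, 0) < amount:
        return "rejected: not your account or insufficient funds"
    BALANCES[src] -= amount
    BALANCES[dst] = BALANCES.get(dst, 0) + amount
    return "accepted"
```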
35. What to do as a developer?
● Learn the basics of security (www.owasp.org)
– OWASP Top 10
● Check your application source code
– OWASP ASVS http://code-artisan.io/owasp-asvs-3-0-cheatsheet/
● Add security test cases to your unit tests
– « OR 1 = 1 »
– « <script>alert('hello')</script> »
● Check the security updates of your tools
– Web framework security releases
– Change the default configuration!
● Check your security with professional services
– www.detectify.com OR https://vaddy.net/
– Yours truly
36. How to become a hacker?
● Train and learn:
– WebGoat
– DVWA (Damn Vulnerable Web App)
– Kali Linux (security distribution with all the tools)
● Check the tools:
– Metasploit
– SkipFish
– Nikto
– Wpscan