Advanced data mining in MySQL injections using subqueries and custom variables (DefCamp)
This document discusses advanced MySQL injection techniques using custom variables and subqueries. It provides examples of different types of SQL injections like UNION-based, error-based, and blind injections. It also explains how to use MySQL custom variables and subqueries to optimize data extraction from the database in SQL injection attacks. The techniques allow retrieving database names, table names, column names, user privileges and reading/writing files on the server.
The document discusses various techniques for injecting code into processes including DLL injection, API hooking, and loading a portable executable (PE) file into another process's memory. It provides code to load a PE file from disk into the memory of a running process, modify the process's context to start execution at the loaded code's entry point, and resume the thread.
Stephan Gerling in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Stefan Zarinschi in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Bridging the gap between CyberSecurity R&D and UX (DefCamp)
(1) The document discusses bridging the gap between research and development (R&D) and user experience (UX) in product development.
(2) It emphasizes the importance of asking questions to understand user needs, focusing on user feelings over features, and ensuring users understand how to use products easily.
(3) The key lessons are to thoroughly question requirements, balance R&D and UX priorities, focus on satisfying core users, understand what users truly value, and make products feel intuitive and fast to use.
Drupalgeddon 2 – Yet Another Weapon for the Attacker (DefCamp)
Radu-Emanuel Chiscariu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
This document discusses multi-factor authentication (MFA) and methods for bypassing it. It defines MFA as requiring more than one validation procedure to authenticate individuals. It describes the different factors of authentication as something you know, something you have, and something you are. It outlines various deployment modules for each factor type, including passwords, tokens, biometrics. It also covers challenges of MFA implementation and methods attackers could use to bypass MFA security, such as email filtering or legacy protocol exploitation.
Threat Hunting: From Platitudes to Practical Application (DefCamp)
This document discusses threat hunting and practical approaches to threat hunting. It defines threat hunting as proactively searching through data to detect threats that evaded traditional security measures. It argues that threat hunting is more effective than reacting to incidents. The document provides guidance on log collection, developing situational awareness, hunting hosts and networks, maintaining a flexible mindset, and sharing findings. It suggests starting with small data collection and focusing on important systems and network areas. The goal is to understand normal behavior and detect anomalies.
Building application security with 0 money down (DefCamp)
Muhammad Mudassar Yamin in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Implementation of information security techniques on modern android based Kio... (DefCamp)
Muhammad Mudassar Yamin in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
The challenge of building a secure and safe digital environment in healthcare (DefCamp)
Jelena Milosevic in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Timing attacks against web applications: Are they still practical? (DefCamp)
This document discusses the practicality of timing attacks against web applications. It begins by explaining what a timing attack is and detailing the author's plan to conduct one against a target application. The plan involved studying the application's code, pinpointing an exploitable function, collecting timing data, filtering noise, and reducing the search space. The author was able to measure response times and identify spikes but encountered challenges averaging server performance. They demonstrate conducting a timing attack to recover hashed credentials over many requests. Ultimately, while timing attacks can be efficient, they are difficult to execute remotely and most applications and servers have protections that render the attacks impractical. Constant-time algorithms and rate limiting are presented as solutions to prevent these types of attacks.
Tor .onions: The Good, The Rotten and The Misconfigured (DefCamp)
Ionut-Cristian Bucur in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t... (DefCamp)
Ioan Constantin in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
We will charge you. How to [b]reach vendor’s network using EV charging station. (DefCamp)
This document summarizes a presentation about vulnerabilities found in electric vehicle charging stations. The presentation covered:
1) Several vulnerabilities were found in the Bluetooth and Wi-Fi stacks that could allow access to the vendor's internal network, including arbitrary file writes, command injection, and buffer overflows.
2) The vulnerabilities were disclosed responsibly to the vendor, who developed a detailed plan and released updated firmware within a few months to address all issues.
3) Electric vehicles and charging stations are an important area for continued security research given the protocols for wireless communication, transactions, and vehicle-to-charger interfaces.
Cristian Pațachia-Sultănoiu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
This document discusses watering hole attacks, a type of cyber attack where hackers compromise frequently visited websites to infect visitors' devices through drive-by exploits. It describes how watering hole attacks work, why they are difficult to detect, and introduces DEKENEAS, an AI-based solution developed by the author to detect watering hole attacks through analyzing obfuscated JavaScript. DEKENEAS trains on over 40,000 malicious redirect samples to recognize behavioral patterns and classify code as malicious or not. When tested on 10,000 new samples and top websites, it achieved 100% detection of unknown implants with no false negatives and a very low false positive rate of 0.00023%.
3. Security problems: confidentiality, authentication, access control, integrity, non-repudiation.
4. Ways to address them: security services; mechanisms (encryption, hashing); digital signatures; security policies; software (antivirus); education; legal measures.
5. Basic model of encryption (figure): Alice's encryption device takes the plaintext M and the encryption key K and produces the ciphertext; Bob's decryption device takes the ciphertext and the decryption key K' and recovers the plaintext. Trudy sits on the channel, reads the ciphertext and may substitute a modified ciphertext, so that Bob recovers M' instead of M.
6. Definitions. Breaking ciphers is cryptanalysis; the attacker may hold known ciphertext only, known plaintext, or chosen plaintext. Designing ciphers is cryptography. Notation: $F: \{M\} \times \{K\} \to \{C\}$. Encryption/decryption: $C = E_K(M)$ / $M = D_{K'}(C)$.
7. Characteristics of secrecy systems. Unconditionally secure: resists any attack, regardless of how much text is intercepted. Computationally strong: cannot be broken by systematic analysis with the available resources. Ideal system: regardless of the volume intercepted, several solutions remain, with similar probabilities.
9. Classification of cryptographic methods. Classical: substitution (monoalphabetic, polyalphabetic, polygraphic) and transposition. Computational: symmetric, asymmetric, with redundant codes.
10. Classical methods: Caesar; Vigenère (key = successive Caesar shifts); polygraphic; transposition. Sample plaintexts: "Mama are mere", "Gigi ace face".
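Added example, not part of the original slides: the Caesar and Vigenère substitutions of slide 10 applied to the slide's sample plaintexts, showing that Vigenère is a Caesar shift chosen per position by the key, together with the exhaustive 26-key search that recovers a Caesar key. The key "CEZAR" and the crib word are chosen here.

```python
# Added example: Caesar and Vigenere over the slide's sample plaintexts.
# Not part of the original slides; the key "CEZAR" is chosen here.
import string

ALPHABET = string.ascii_uppercase


def caesar(text, shift):
    """Monoalphabetic substitution: every letter moves `shift` places down the
    alphabet (a negative shift decrypts). Non-letters pass through unchanged."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def vigenere(text, key, decrypt=False):
    """Polyalphabetic substitution: successive Caesar shifts, the i-th letter
    shifted by the i-th key letter (the key repeats). Only letters consume a
    key position, so decryption stays aligned with encryption."""
    shifts = [ALPHABET.index(k) for k in key.upper()]
    out, i = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            s = shifts[i % len(shifts)]
            out.append(caesar(ch, -s if decrypt else s))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def break_caesar(ciphertext, crib):
    """Exhaustive search: a Caesar key is one of only 26 shifts, so try all of
    them and keep the one under which a known word (the crib) appears.
    Returns (shift, plaintext) or None."""
    for shift in range(26):
        candidate = caesar(ciphertext, -shift)
        if crib.upper() in candidate:
            return shift, candidate
    return None


if __name__ == "__main__":
    c = caesar("Mama are mere", 3)
    print(c, "->", break_caesar(c, "mere"))
    v = vigenere("Gigi ace face", "CEZAR")
    print(v, "->", vigenere(v, "CEZAR", decrypt=True))
```

A one-letter Vigenère key degenerates into a plain Caesar shift, which is the sense in which the slide calls Vigenère "successive Caesar"; the 26-key search shows why a classical substitution cannot be computationally strong in the sense of slide 7.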
11. One-time pads. A string of bits serves as the key; the key is XORed with the message. Example from the slide: message "DefCampDefcamp", key "Albastru" (note that a true one-time pad key must be at least as long as the message). The cryptanalyst cannot break them: different candidate keys yield different, equally valid messages.
12. One-time pads (2). Why are they not used in practice? How do you transmit the key? Desynchronization problems: if a single bit is lost, the rest of the message becomes invalid. Proposed solution: quantum cryptography (key distribution based on the polarization of light). Problems: complex and expensive technology.
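Added example, not part of the original slides: the XOR one-time pad of slides 11 and 12, the "any key gives a valid message" argument, and two failure modes a practitioner checks for: the pad being reused (a consequence of the key-distribution problem the slide raises) and a lost byte desynchronizing the rest of the message. The messages and the pad used here are constructed.

```python
# Added example: one-time pad by XOR, its perfect-secrecy argument, and the two
# failure modes the slides raise (key distribution/reuse and loss of sync).
# Not from the original slides; the messages and keys below are constructed.
import secrets


def xor_bytes(a, b):
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length):
    """A fresh random pad; it must be shared once over a secure channel and
    used exactly once (slide 12's 'how do I transmit the key?')."""
    return secrets.token_bytes(length)


def otp_encrypt(message, key):
    """C = M xor K. The pad must be at least as long as the message (the slide's
    key 'Albastru' would be too short for 'DefCampDefcamp')."""
    if len(key) < len(message):
        raise ValueError("one-time pad key must be at least as long as the message")
    return xor_bytes(message, key[:len(message)])


otp_decrypt = otp_encrypt  # XOR is its own inverse: M = C xor K


def key_for(ciphertext, wanted_plaintext):
    """Perfect secrecy: for ANY candidate plaintext of the same length there is
    a pad that turns the ciphertext into it, so the ciphertext alone cannot
    tell the cryptanalyst which message was sent."""
    return xor_bytes(ciphertext, wanted_plaintext)


def reuse_leak(c1, c2):
    """Two messages under the same pad: C1 xor C2 = M1 xor M2, the pad cancels
    and the relation between the plaintexts is exposed."""
    return xor_bytes(c1, c2)


def decrypt_after_loss(ciphertext, key, lost_index):
    """Slide 12's desynchronization: drop one ciphertext byte in transit and
    decrypt with the original pad. Bytes before the gap are still right; every
    byte after it is XORed with the wrong pad byte."""
    damaged = ciphertext[:lost_index] + ciphertext[lost_index + 1:]
    return otp_decrypt(damaged, key)
```

`key_for` is the slide's argument in code: given a ciphertext, every same-length plaintext is equally consistent with some pad, so there is nothing to "break". `reuse_leak` is why the pad is one-time: the same pad twice turns the system into a plain XOR of the two plaintexts.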
13. Computational methods. Cryptosystems: symmetric and asymmetric. General requirements: efficient encryption/decryption for all keys; the system is easy to use; security depends on the keys, not on the algorithm (Kerckhoffs's principle); confidentiality: $D_K$ cannot be determined from C even when M is known; authentication: $E_K$ cannot be determined from C even when M is known.
15. Asymmetric systems. Each user u makes the encryption key $E_u$ public and keeps the decryption key $D_u$ secret. The keys commute: $E_u(D_u(M)) = D_u(E_u(M))$. Advantages: D cannot easily be deduced from E; the system is designed so that cryptanalysis is infeasible as long as the underlying hard problem stays hard.
16. Asymmetric-key application (RSA). 1. Choose two primes p, q. 2. Compute $n = p q$ and $z = (p-1)(q-1)$. 3. Choose d with $\gcd(z, d) = 1$. 4. Choose e with $e d \equiv 1 \pmod z$. Example: p = 3, q = 11, so n = 33, z = 20, d = 7, e = 3 (indeed $7 \cdot 3 = 21 \equiv 1 \pmod{20}$).
17. RSA proof. Fermat's theorem: if $\gcd(a, p) = 1$ then $a^{p-1} \bmod p = 1$. Euler's theorem: if $\gcd(a, n) = 1$ then $a^{\phi(n)} \bmod n = 1$, where $\phi(n)$ is the number of positive integers less than n that are coprime to n. Since e and d were chosen with $e d \equiv 1 \pmod{\phi(n)}$, i.e. $e d = t\phi(n) + 1$ for some integer t, for a message $M \in [0, n-1]$ with $\gcd(M, n) = 1$ we have $(M^e \bmod n)^d \bmod n = M$. Proof: $(M^e \bmod n)^d \bmod n = M^{ed} \bmod n = M^{t\phi(n)+1} \bmod n = M \cdot \big((M^{\phi(n)} \bmod n)^t \bmod n\big) \bmod n = M$.
18. Digital signatures with secret keys: Big Brother (BB). Every user deposits their secret key with BB. When Alice wants to send a message, BB recognizes her secret key, decrypts the message, re-encrypts it under Bob's key together with a copy signed with BB's own key, and forwards the message.
19. Digital signatures with public keys (figure). Alice applies her private key to the message, $D_A(M)$, then encrypts the result with Bob's public key and sends $E_B(D_A(M))$; Trudy on the channel sees only that. Bob applies his private key to recover $D_A(M)$, which he keeps as proof of who sent it, then Alice's public key to recover M. Keys: $D_A$ private and $E_A$ public for Alice; $D_B$ private and $E_B$ public for Bob.
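Added example, not the slides' own code: textbook RSA with the parameters of slide 16 (p = 3, q = 11, d = 7), the exhaustive check of slide 17's claim, square-and-multiply exponentiation (the speaker note that large powers are never computed), the factoring shortcut that slide 15's "D cannot easily be deduced from E" has to rule out, and the sign-then-encrypt exchange of slide 19. Bob's key (p = 5, q = 11, d = 3) and the sample message are chosen here.

```python
# Added example: textbook RSA with the slides' parameters (p = 3, q = 11, d = 7)
# plus the sign-then-encrypt flow of slide 19. Not the slides' own code; Bob's
# key (p = 5, q = 11, d = 3) and the sample messages are chosen here.
from math import gcd


def egcd(a, b):
    """Extended Euclid: (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a, m):
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no modular inverse")
    return x % m


def modexp(base, exp, mod):
    """Square-and-multiply, reducing mod n after every step, so the large power
    M^e is never actually formed (the speaker note: 'large powers are never
    computed')."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result


def rsa_keygen(p, q, d):
    """Slide 16: n = p*q, z = (p-1)(q-1), d coprime to z, e = d^-1 mod z.
    Returns (public key E = (e, n), private key D = (d, n))."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(z, d) != 1:
        raise ValueError("d must be coprime to z")
    return (modinv(d, z), n), (d, n)


def apply_key(key, m):
    """E(m) or D(m): m^k mod n. The same operation serves both keys, which is
    why they commute: E(D(m)) = D(E(m)) = m."""
    k, n = key
    return modexp(m, k, n)


def decrypts_correctly(pub, priv):
    """Slide 17's claim checked exhaustively: (M^e mod n)^d mod n == M for every
    M in [0, n). The proof needs gcd(M, n) = 1; it also holds for the other M
    because n = pq is square-free."""
    n = pub[1]
    return all(apply_key(priv, apply_key(pub, m)) == m for m in range(n))


def private_from_public(pub):
    """Slide 15's 'D cannot easily be deduced from E' rests on n being hard to
    factor. With n = 33 trial division finds p, q at once and d follows."""
    e, n = pub
    p = next(i for i in range(2, n) if n % i == 0)
    return modinv(e, (p - 1) * (n // p - 1)), n


def sign_then_encrypt(m, priv_a, pub_b):
    """Slide 19: Alice sends E_B(D_A(M)). Trudy on the wire sees only this.
    Textbook constraint: M < Alice's n and Alice's n <= Bob's n, so that the
    intermediate D_A(M) is itself a valid message for Bob's modulus."""
    return apply_key(pub_b, apply_key(priv_a, m))


def decrypt_and_verify(ct, priv_b, pub_a):
    """Bob applies D_B to obtain D_A(M), which he keeps as proof of origin
    (non-repudiation), then E_A to read M. Returns (D_A(M), M)."""
    signed = apply_key(priv_b, ct)
    return signed, apply_key(pub_a, signed)


if __name__ == "__main__":
    pub_a, priv_a = rsa_keygen(3, 11, 7)      # slide 16: E = (3, 33), D = (7, 33)
    pub_b, priv_b = rsa_keygen(5, 11, 3)      # Bob: E = (27, 55), D = (3, 55)
    ct = sign_then_encrypt(9, priv_a, pub_b)
    print(pub_a, priv_a, decrypts_correctly(pub_a, priv_a))
    print(ct, decrypt_and_verify(ct, priv_b, pub_a), private_from_public(pub_a))
```

`private_from_public` is the check a practitioner runs mentally on slide 15: the public key reveals n, and whoever factors n gets z and therefore d, so the whole advantage is the size of n, not any secrecy of the algorithm (slide 13). Textbook RSA as shown here has no padding and is deterministic; it demonstrates the arithmetic, not a deployable scheme.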
20. Message digests. Why do they matter? Many bits -> few bits; large dispersion (a small change in the input spreads over the whole digest); authentication. Examples: MD5, SHA-1. Disadvantage: collisions can be computed in reasonable time.
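Added example, not the slides' own code: the two properties slide 20 names, measured on real digests. `avalanche` counts how many SHA-1 output bits change when one input bit changes (the "large dispersion"); `birthday_collision` finds a collision for an MD5 digest truncated to 24 bits by the birthday method, in roughly 2^12 rather than 2^24 hashes, which is the cost model behind "collisions in reasonable time". The 24-bit truncation and the counter-based messages are chosen here.

```python
# Added example: the two properties slide 20 names, dispersion (one changed
# input bit flips about half of the digest bits) and collisions found in
# reasonable time once the digest is short. Not the slides' own code; the
# 24-bit truncation and the counter-based messages are chosen here.
import hashlib
from itertools import count


def digest_int(data, algo="sha1"):
    """Digest as an integer so bits can be compared arithmetically."""
    return int.from_bytes(hashlib.new(algo, data).digest(), "big")


def avalanche(m1, m2, algo="sha1"):
    """How many digest bits differ between two inputs. For a good hash this is
    close to half the digest length even when m1 and m2 differ in one bit."""
    return bin(digest_int(m1, algo) ^ digest_int(m2, algo)).count("1")


def truncated(data, bits, algo="md5"):
    """Top `bits` bits of the digest: a stand-in for a weak or short hash."""
    full = hashlib.new(algo).digest_size * 8
    return digest_int(data, algo) >> (full - bits)


def birthday_collision(bits, algo="md5", prefix=b"msg-"):
    """Find two distinct messages whose truncated digests collide, by hashing
    msg-0, msg-1, ... and remembering what was seen. The birthday bound puts
    the work near 2**(bits/2) digests, not 2**bits: for 24 bits a few thousand.
    Returns (first message, second message, digests computed)."""
    seen = {}
    for i in count():
        m = prefix + str(i).encode()
        t = truncated(m, bits, algo)
        if t in seen:
            return seen[t], m, i + 1
        seen[t] = m


if __name__ == "__main__":
    print(avalanche(b"DefCamp", b"DefCamq"))
    a, b, n = birthday_collision(24)
    print(a, b, n, hex(truncated(a, 24)), hex(truncated(b, 24)))
```

The generic birthday cost for a full 128-bit MD5 is about 2^64 digests; the practical MD5 and SHA-1 collisions the slide alludes to come from structural weaknesses that cut far below that bound, which is why both are retired for signatures and certificates.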
21. PKI, X.509. Why is it needed? Problems with public keys (binding a key to its owner). Implemented as a chain: hierarchical, or as a chain of trust (web of trust). Figure: ROOT above RA1 and RA2, which are above CA1, CA2 and CA3.
22. Quiz. What changes if we swap the two phases (A first signs with B's public key and then with her own)? A discovers that her private key is identical to T's public key. What should A do in that case? Should she do anything at all?
24. Bibliography: Andrew S. Tanenbaum, Computer Networks; http://en.wikipedia.org/wiki/Public-key_cryptography; http://en.wikipedia.org/wiki/MD5
Editor's Notes
Confidentiality: the intruder must not be able to reconstruct the message. Authentication: the intruder must not be able to modify the message without Bob noticing.
Known-ciphertext attack (ciphertext only): the attacker has a ciphertext, the method, the language of the plaintext, the subject and keywords likely to appear in the text. Known-plaintext attack: a plaintext and its known ciphertext, certain keywords. Chosen-plaintext attack: the attacker obtains the encryption of chosen portions of text, for example records of a database (modification -> effect).
Is this system secure? It is not, if there is a malicious former employee. Yet if we add redundancy we make life easier for the cryptanalysts. Cryptographic principle 1: messages must contain redundancy. Cryptographic principle 2: a method is needed to foil replay attacks.
DES was surrounded by controversy from the moment it appeared: the NSA wanted a 56-bit key, IBM wanted 128 bits; conspiracy theories followed. It has since been abandoned: it was shown that it can be broken by exhaustive search of the 2^56 keys in less than a day, hence Triple DES. By contrast, even if the NSA managed to build a machine with a billion processors, each able to test one key every picosecond, it would take such a machine about 10^10 years to exhaust a 128-bit key space.
A text encrypted with E_u cannot be decrypted with E_u as well. For authentication: $E_u(D_u(M)) = D_u(E_u(M))$.
Large powers are never computed (modular exponentiation reduces after every step).
Disadvantages? Who is BB? He can read everything. Advantages: Alice cannot deny that she sent the message.
Alice can no longer claim that she did not send Bob the message once it is sent (she signed it with her private key).
Why is MD5 used more than SHA-1?
User / password / date the password was last changed / minimum number of days before it may be changed again / maximum number of days it remains valid / number of days of warning before expiry / number of days after expiry until the account is disabled / date on which the account becomes disabled.
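Added example, not part of the original slides: a parser and policy check for the fields listed in that note, on the assumption that they are the colon-separated fields of an /etc/shadow entry (name, password hash, last change, min, max, warn, inactive, expire, reserved), which is what the order suggests. The sample entries and dates are constructed.

```python
# Added example: parse the fields listed in that note as one line of
# /etc/shadow (the assumption here is that this is the file the note
# describes) and evaluate the aging policy against a date. Not from the
# original slides; the sample entries are constructed.
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

EPOCH = date(1970, 1, 1)


@dataclass
class ShadowEntry:
    user: str
    password: str             # hash, or '!'/'*'/'!...' for a locked account
    last_change: int          # days since 1970-01-01; 0 = must change at next login
    min_days: int             # minimum days before the password may be changed
    max_days: int             # maximum days the password stays valid
    warn_days: int            # days of warning before expiry
    inactive: Optional[int]   # days after expiry until the account is disabled
    expire: Optional[int]     # absolute day on which the account is disabled


def parse_shadow_line(line):
    """name:password:lastchg:min:max:warn:inactive:expire:reserved"""
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError("expected 9 colon-separated fields, got %d" % len(f))
    opt = lambda s: int(s) if s else None
    return ShadowEntry(f[0], f[1], int(f[2] or 0), int(f[3] or 0),
                       int(f[4] or 99999), int(f[5] or 7), opt(f[6]), opt(f[7]))


def password_status(entry, today):
    """Apply the aging rules in the order an administrator would check them."""
    day = (today - EPOCH).days
    if entry.expire is not None and day >= entry.expire:
        return "account disabled"
    if entry.password in ("", "*") or entry.password.startswith("!"):
        return "locked or no password"
    if entry.last_change == 0:
        return "must change at next login"
    age = day - entry.last_change
    if age > entry.max_days:
        if entry.inactive is not None and age > entry.max_days + entry.inactive:
            return "account disabled"
        return "password expired"
    if age > entry.max_days - entry.warn_days:
        return "change soon"
    if age < entry.min_days:
        return "too soon to change"
    return "ok"


def day_number(n):
    """The calendar date that is n days after the epoch (for tests and demos)."""
    return EPOCH + timedelta(days=n)


if __name__ == "__main__":
    e = parse_shadow_line("alice:$6$saltsalt$hashhashhash:19000:1:90:7:14:19500:")
    for n in (19000, 19050, 19086, 19095, 19110, 19500):
        print(day_number(n), password_status(e, day_number(n)))
```

The constructed hash strings are placeholders, not real crypt(3) output; what the check exercises is the aging arithmetic, which is where account-lockout and stale-credential findings usually come from in an audit.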