SlideShare a Scribd company logo

Security awareness training

Sumedt Jitpukdebodin
Sumedt Jitpukdebodin

Sumedt Jitpukdebodin is a senior web application security specialist who teaches cybersecurity courses. He discusses several common cyber threats including social engineering, phishing, fake wireless access points, weak password security, and social networking threats. He provides examples of these threats and how attackers exploit them, often demonstrating with short videos. Throughout the presentation, he emphasizes the importance of security awareness and sharing knowledge to help others learn about computer security.

1 of 29
Download to read offline
SUMEDT JITPUKDEBODIN SENIOR WEB APPLICATION SECURITY SPECIALIST NCLA,LPIC-1,COMPTIA SEC+,C|EH,ECPPT Fundamental Of 
 Computer Security
Who am I? ● Sumedt Jitpukdebodin ● Jobs ○ Senior Web Application Security Specialist @ACIS i-Secure ○ Instructor Of “Introduction to Ethical Hacking, Mastering in Exploitation” Course Of CITEC ○ One Of Committee Of CSAT(Cyber Security Association of Thailand) ○ Writer Of Information Security and Linux forum of Hackazine ○ Writer Of “Hacking & Security – First Step Of Penetration Tester” Book. ● Hobby ○ Hacking ○ Whitehat ○ Writing ● Experience ○ Speaker in many universities ○ Speaker at “Hacker Secret #2,#3” seminar ○ Speaker at “Computer Security” seminar at BOI Fair. ○ Writer Of “How to pentest famous CMS” in Web App. Pentest Magazine. ○ Etc.
Threats Of Today 1. Social Engineering ○ Phishing ○ Owning with PDF 2. HTTP, HTTPS 3. Fake Wireless 4. Encryption Of Wireless Network 5. Strength Password 6. Fake Call Center 7. Social Network Threats
Social Engineering ● What ● Why ● When
Phishing ● How ○ Spam mail ○ Same or similar interface ● For ○ Steal credential ○ Exploit the web browser
Phishing Video ● Example 1 ● Example 2 ● Real Case (http://r00tsec.blogspot.com/2012/04/phishing- site.html)
Owning with PDF ● How ○ Exploit PDF Reader Software ○ Use the interesting name ○ Use the interesting content email ● For ○ Take the Bot ○ Compromise
Owning with PDF video
HTTP,HTTPS ● HTTP(Secure) ○ Identify the website ○ Protect sniffing attack
HTTPS Certify Authority(CA) Message with certificate
Identify the web
Self Sign Certificate
HTTP, HTTPS Video ● Try to sniffing traffic HTTP and HTTPS
Fake Wireless Access Point ● How ○ Similar name of true hotspot ○ Use ‘Public’ name ● For ○ Steal credential ○ Change destination to hacker website
Fake Wireless Access Point Video
Encryption Of Wireless ● Mode ○ Public ○ WEP ! RC4 Streaming Encryption ○ 64,128bits Encryption. ○ IV ○ WPA ! TKIP Encryption (Base on RC4) ! AES(Advance Encryption Standard) Encryption ! ICV ○ WPA2 ! AES Encryption ○ 256bit Encryption ○ *WPS(Wifi Protected Setup)
Brute Force Time ● WEP < 10 minutes ● WPA – 21 character > 4x10-20 years ● WPA2 > WPA
Break The Encryption Of Wireless ● WEP ● WPA/WPA2
Strength Password ● 1 Website/Username/Password ● > 8 Characters ● Upper Case ● Lower Case ● Special Characters: @, #, !, $, etc. ● Not in dictionary and personal information, company name.
Show time for use Keepass
Fake Call Center ● How ○ ถูกรางวัลต่างๆ ○ คืนภาษี ○ หนี4บัตรเครดิต ○ แอบอ ้างเป็น DSI ● Fr0m ○ จีน ○ ไต้หวัน
Fake Call Center Video
Social Networking Threats
Facebook Impact 2o11
Example Of Social Network Threats ● Likejacking ○ Facebook User ○ Interesting Picture ○ Spread to friends and user’s group.
Likejacking (Continue)
How to Learn Computer Security ● Love ● English ● Forum ● Share ● E-Book
Q & A
Thank You ● ☺

Recommended

SMIMP Lightning Talk - DEFCON CryptoVillage
SMIMP Lightning Talk - DEFCON CryptoVillageSMIMP Lightning Talk - DEFCON CryptoVillage
SMIMP Lightning Talk - DEFCON CryptoVillage
Adam Caudill
 
OAuth 2.0 Threat Landscapes
OAuth 2.0 Threat LandscapesOAuth 2.0 Threat Landscapes
OAuth 2.0 Threat Landscapes
Prabath Siriwardena
 
Security in PHP Applications: An absolute must!
Security in PHP Applications: An absolute must!Security in PHP Applications: An absolute must!
Security in PHP Applications: An absolute must!
Mark Niebergall
 
Propelling security
Propelling securityPropelling security
Propelling security
Jayant Kumar
 
Let's Encrypt
Let's EncryptLet's Encrypt
Let's Encrypt
Amjad Mashaal
 
Web security 101
Web security 101Web security 101
Web security 101Kristaps Kūlis
 
Xss attack
Xss attackXss attack
Xss attack
Ambuj Kumar
 
Emerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar PrustyEmerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar Prusty
Cysinfo Cyber Security Community
 

Recommended

SMIMP Lightning Talk - DEFCON CryptoVillage
SMIMP Lightning Talk - DEFCON CryptoVillageSMIMP Lightning Talk - DEFCON CryptoVillage
SMIMP Lightning Talk - DEFCON CryptoVillage
Adam Caudill
 
OAuth 2.0 Threat Landscapes
OAuth 2.0 Threat LandscapesOAuth 2.0 Threat Landscapes
OAuth 2.0 Threat Landscapes
Prabath Siriwardena
 
Security in PHP Applications: An absolute must!
Security in PHP Applications: An absolute must!Security in PHP Applications: An absolute must!
Security in PHP Applications: An absolute must!
Mark Niebergall
 
Propelling security
Propelling securityPropelling security
Propelling security
Jayant Kumar
 
Let's Encrypt
Let's EncryptLet's Encrypt
Let's Encrypt
Amjad Mashaal
 
Web security 101
Web security 101Web security 101
Web security 101Kristaps Kūlis
 
Xss attack
Xss attackXss attack
Xss attack
Ambuj Kumar
 
Emerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar PrustyEmerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar Prusty
Cysinfo Cyber Security Community
 
Security Awareness 101
Security Awareness 101Security Awareness 101
Security Awareness 101HaroldCo
 
Web architecture mechanism and threats
Web architecture mechanism and threatsWeb architecture mechanism and threats
Web architecture mechanism and threats
Sumedt Jitpukdebodin
 
Fundamental of malware analysis
Fundamental of malware analysisFundamental of malware analysis
Fundamental of malware analysis
Sumedt Jitpukdebodin
 
Purple team is awesome
Purple team is awesomePurple team is awesome
Purple team is awesome
Sumedt Jitpukdebodin
 
R u hacked
R u hackedR u hacked
R u hacked
Sumedt Jitpukdebodin
 
Hacking with paper
Hacking with paperHacking with paper
Hacking with paper
Sumedt Jitpukdebodin
 
New Hire Information Security Awareness
New Hire Information Security AwarenessNew Hire Information Security Awareness
New Hire Information Security Awareness
hubbargf
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0
Michael Gough
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@R_Yanus
 
Iot Security: Smart... or haunted home?
Iot Security: Smart... or haunted home?Iot Security: Smart... or haunted home?
Iot Security: Smart... or haunted home?
NaLUG
 
#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2
Olle E Johansson
 
Let's Encrypt: Better Security through Automation
Let's Encrypt: Better Security through AutomationLet's Encrypt: Better Security through Automation
Let's Encrypt: Better Security through Automation
APNIC
 
Defense in Depth: Lessons Learned Securing 200,000 Sites
Defense in Depth: Lessons Learned Securing 200,000 SitesDefense in Depth: Lessons Learned Securing 200,000 Sites
Defense in Depth: Lessons Learned Securing 200,000 Sites
Pantheon
 
#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLS#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLS
Olle E Johansson
 
Introduction to Kubernetes Security
Introduction to Kubernetes SecurityIntroduction to Kubernetes Security
Introduction to Kubernetes Security
All Things Open
 
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
Guy Podjarny
 
HTTPS
HTTPSHTTPS
HTTPS
Justin Denton
 
HTTPS, Here and Now
HTTPS, Here and NowHTTPS, Here and Now
HTTPS, Here and Now
Philippe De Ryck
 
Security Patterns for Software Development
Security Patterns for Software DevelopmentSecurity Patterns for Software Development
Security Patterns for Software Development
Narudom Roongsiriwong, CISSP
 
How Secure is Your API?
How Secure is Your API?How Secure is Your API?
How Secure is Your API?
Mary Joy Sabal
 
Security Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against ThemSecurity Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against Them
Martin Vigo
 
Security everywhere digital signature and digital fingerprint v1 (personal)
Security everywhere digital signature and digital fingerprint v1 (personal)Security everywhere digital signature and digital fingerprint v1 (personal)
Security everywhere digital signature and digital fingerprint v1 (personal)
Paul Yang
 

More Related Content

Viewers also liked

Security Awareness 101
Security Awareness 101Security Awareness 101
Security Awareness 101HaroldCo
 
Web architecture mechanism and threats
Web architecture mechanism and threatsWeb architecture mechanism and threats
Web architecture mechanism and threats
Sumedt Jitpukdebodin
 
Fundamental of malware analysis
Fundamental of malware analysisFundamental of malware analysis
Fundamental of malware analysis
Sumedt Jitpukdebodin
 
Purple team is awesome
Purple team is awesomePurple team is awesome
Purple team is awesome
Sumedt Jitpukdebodin
 
R u hacked
R u hackedR u hacked
R u hacked
Sumedt Jitpukdebodin
 
Hacking with paper
Hacking with paperHacking with paper
Hacking with paper
Sumedt Jitpukdebodin
 
New Hire Information Security Awareness
New Hire Information Security AwarenessNew Hire Information Security Awareness
New Hire Information Security Awareness
hubbargf
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0
Michael Gough
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@R_Yanus
 

Viewers also liked (9)

Security Awareness 101
Security Awareness 101Security Awareness 101
Security Awareness 101
 
Web architecture mechanism and threats
Web architecture mechanism and threatsWeb architecture mechanism and threats
Web architecture mechanism and threats
 
Fundamental of malware analysis
Fundamental of malware analysisFundamental of malware analysis
Fundamental of malware analysis
 
Purple team is awesome
Purple team is awesomePurple team is awesome
Purple team is awesome
 
R u hacked
R u hackedR u hacked
R u hacked
 
Hacking with paper
Hacking with paperHacking with paper
Hacking with paper
 
New Hire Information Security Awareness
New Hire Information Security AwarenessNew Hire Information Security Awareness
New Hire Information Security Awareness
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
 

Similar to Security awareness training

Iot Security: Smart... or haunted home?
Iot Security: Smart... or haunted home?Iot Security: Smart... or haunted home?
Iot Security: Smart... or haunted home?
NaLUG
 
#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2
Olle E Johansson
 
Let's Encrypt: Better Security through Automation
Let's Encrypt: Better Security through AutomationLet's Encrypt: Better Security through Automation
Let's Encrypt: Better Security through Automation
APNIC
 
Defense in Depth: Lessons Learned Securing 200,000 Sites
Defense in Depth: Lessons Learned Securing 200,000 SitesDefense in Depth: Lessons Learned Securing 200,000 Sites
Defense in Depth: Lessons Learned Securing 200,000 Sites
Pantheon
 
#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLS#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLS
Olle E Johansson
 
Introduction to Kubernetes Security
Introduction to Kubernetes SecurityIntroduction to Kubernetes Security
Introduction to Kubernetes Security
All Things Open
 
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
Guy Podjarny
 
HTTPS
HTTPSHTTPS
HTTPS
Justin Denton
 
HTTPS, Here and Now
HTTPS, Here and NowHTTPS, Here and Now
HTTPS, Here and Now
Philippe De Ryck
 
Security Patterns for Software Development
Security Patterns for Software DevelopmentSecurity Patterns for Software Development
Security Patterns for Software Development
Narudom Roongsiriwong, CISSP
 
How Secure is Your API?
How Secure is Your API?How Secure is Your API?
How Secure is Your API?
Mary Joy Sabal
 
Security Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against ThemSecurity Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against Them
Martin Vigo
 
Security everywhere digital signature and digital fingerprint v1 (personal)
Security everywhere digital signature and digital fingerprint v1 (personal)Security everywhere digital signature and digital fingerprint v1 (personal)
Security everywhere digital signature and digital fingerprint v1 (personal)
Paul Yang
 
Introduction to Exploitation
Introduction to ExploitationIntroduction to Exploitation
Introduction to Exploitation
UTD Computer Security Group
 
How the SSL/TLS protocol works (very briefly) How to use HTTPS
How the SSL/TLS protocol works (very briefly) How to use HTTPSHow the SSL/TLS protocol works (very briefly) How to use HTTPS
How the SSL/TLS protocol works (very briefly) How to use HTTPS
whj76337
 
SSL certificate with mikrotik
SSL certificate with mikrotikSSL certificate with mikrotik
SSL certificate with mikrotik
Achmad Mardiansyah
 
Developer's Guide to JavaScript and Web Cryptography
Developer's Guide to JavaScript and Web CryptographyDeveloper's Guide to JavaScript and Web Cryptography
Developer's Guide to JavaScript and Web Cryptography
Kevin Hakanson
 
Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / DatelecSecure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Sylvain Maret
 
Seun - Breaking into Protocol Engineering (1).pptx
Seun - Breaking into Protocol Engineering (1).pptxSeun - Breaking into Protocol Engineering (1).pptx
Seun - Breaking into Protocol Engineering (1).pptx
SeunLanLege1
 
Tuenti: Web Application Security
Tuenti: Web Application SecurityTuenti: Web Application Security
Tuenti: Web Application Security
Tuenti
 

Similar to Security awareness training (20)

Iot Security: Smart... or haunted home?
Iot Security: Smart... or haunted home?Iot Security: Smart... or haunted home?
Iot Security: Smart... or haunted home?
 
#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2
 
Let's Encrypt: Better Security through Automation
Let's Encrypt: Better Security through AutomationLet's Encrypt: Better Security through Automation
Let's Encrypt: Better Security through Automation
 
Defense in Depth: Lessons Learned Securing 200,000 Sites
Defense in Depth: Lessons Learned Securing 200,000 SitesDefense in Depth: Lessons Learned Securing 200,000 Sites
Defense in Depth: Lessons Learned Securing 200,000 Sites
 
#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLS#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLS
 
Introduction to Kubernetes Security
Introduction to Kubernetes SecurityIntroduction to Kubernetes Security
Introduction to Kubernetes Security
 
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
 
HTTPS
HTTPSHTTPS
HTTPS
 
HTTPS, Here and Now
HTTPS, Here and NowHTTPS, Here and Now
HTTPS, Here and Now
 
Security Patterns for Software Development
Security Patterns for Software DevelopmentSecurity Patterns for Software Development
Security Patterns for Software Development
 
How Secure is Your API?
How Secure is Your API?How Secure is Your API?
How Secure is Your API?
 
Security Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against ThemSecurity Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against Them
 
Security everywhere digital signature and digital fingerprint v1 (personal)
Security everywhere digital signature and digital fingerprint v1 (personal)Security everywhere digital signature and digital fingerprint v1 (personal)
Security everywhere digital signature and digital fingerprint v1 (personal)
 
Introduction to Exploitation
Introduction to ExploitationIntroduction to Exploitation
Introduction to Exploitation
 
How the SSL/TLS protocol works (very briefly) How to use HTTPS
How the SSL/TLS protocol works (very briefly) How to use HTTPSHow the SSL/TLS protocol works (very briefly) How to use HTTPS
How the SSL/TLS protocol works (very briefly) How to use HTTPS
 
SSL certificate with mikrotik
SSL certificate with mikrotikSSL certificate with mikrotik
SSL certificate with mikrotik
 
Developer's Guide to JavaScript and Web Cryptography
Developer's Guide to JavaScript and Web CryptographyDeveloper's Guide to JavaScript and Web Cryptography
Developer's Guide to JavaScript and Web Cryptography
 
Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / DatelecSecure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
 
Seun - Breaking into Protocol Engineering (1).pptx
Seun - Breaking into Protocol Engineering (1).pptxSeun - Breaking into Protocol Engineering (1).pptx
Seun - Breaking into Protocol Engineering (1).pptx
 
Tuenti: Web Application Security
Tuenti: Web Application SecurityTuenti: Web Application Security
Tuenti: Web Application Security
 

More from Sumedt Jitpukdebodin

How to create your own hack environment
How to create your own hack environmentHow to create your own hack environment
How to create your own hack environment
Sumedt Jitpukdebodin
 
Phishing
PhishingPhishing
Phishing
Sumedt Jitpukdebodin
 
Which side are you
Which side are youWhich side are you
Which side are you
Sumedt Jitpukdebodin
 
Endpoint is not enough
Endpoint is not enoughEndpoint is not enough
Endpoint is not enough
Sumedt Jitpukdebodin
 
Antivirus is hopeless
Antivirus is hopelessAntivirus is hopeless
Antivirus is hopeless
Sumedt Jitpukdebodin
 
DDoS handlering
DDoS handleringDDoS handlering
DDoS handlering
Sumedt Jitpukdebodin
 
Incident response before:after breach
Incident response before:after breachIncident response before:after breach
Incident response before:after breach
Sumedt Jitpukdebodin
 
What should I do when my website got hack?
What should I do when my website got hack?What should I do when my website got hack?
What should I do when my website got hack?
Sumedt Jitpukdebodin
 
Web Architecture - Mechanism and Threats
Web Architecture - Mechanism and ThreatsWeb Architecture - Mechanism and Threats
Web Architecture - Mechanism and Threats
Sumedt Jitpukdebodin
 

More from Sumedt Jitpukdebodin (9)

How to create your own hack environment
How to create your own hack environmentHow to create your own hack environment
How to create your own hack environment
 
Phishing
PhishingPhishing
Phishing
 
Which side are you
Which side are youWhich side are you
Which side are you
 
Endpoint is not enough
Endpoint is not enoughEndpoint is not enough
Endpoint is not enough
 
Antivirus is hopeless
Antivirus is hopelessAntivirus is hopeless
Antivirus is hopeless
 
DDoS handlering
DDoS handleringDDoS handlering
DDoS handlering
 
Incident response before:after breach
Incident response before:after breachIncident response before:after breach
Incident response before:after breach
 
What should I do when my website got hack?
What should I do when my website got hack?What should I do when my website got hack?
What should I do when my website got hack?
 
Web Architecture - Mechanism and Threats
Web Architecture - Mechanism and ThreatsWeb Architecture - Mechanism and Threats
Web Architecture - Mechanism and Threats
 

Recently uploaded

Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.
ViralQR
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 

Recently uploaded (20)

Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 

Security awareness training

  • 1. SUMEDT JITPUKDEBODIN SENIOR WEB APPLICATION SECURITY SPECIALIST NCLA,LPIC-1,COMPTIA SEC+,C|EH,ECPPT Fundamental Of 
 Computer Security
  • 2. Who am I? ● Sumedt Jitpukdebodin ● Jobs ○ Senior Web Application Security Specialist @ACIS i-Secure ○ Instructor Of “Introduction to Ethical Hacking, Mastering in Exploitation” Course Of CITEC ○ One Of Committee Of CSAT(Cyber Security Association of Thailand) ○ Writer Of Information Security and Linux forum of Hackazine ○ Writer Of “Hacking & Security – First Step Of Penetration Tester” Book. ● Hobby ○ Hacking ○ Whitehat ○ Writing ● Experience ○ Speaker in many universities ○ Speaker at “Hacker Secret #2,#3” seminar ○ Speaker at “Computer Security” seminar at BOI Fair. ○ Writer Of “How to pentest famous CMS” in Web App. Pentest Magazine. ○ Etc.
  • 3. Threats Of Today 1. Social Engineering ○ Phishing ○ Owning with PDF 2. HTTP, HTTPS 3. Fake Wireless 4. Encryption Of Wireless Network 5. Strength Password 6. Fake Call Center 7. Social Network Threats
  • 5. Phishing ● How ○ Spam mail ○ Same or similar interface ● For ○ Steal credential ○ Exploit the web browser
  • 6. Phishing Video ● Example 1 ● Example 2 ● Real Case (http://r00tsec.blogspot.com/2012/04/phishing- site.html)
  • 7. Owning with PDF ● How ○ Exploit PDF Reader Software ○ Use the interesting name ○ Use the interesting content email ● For ○ Take the Bot ○ Compromise
  • 9. HTTP,HTTPS ● HTTP(Secure) ○ Identify the website ○ Protect sniffing attack
  • 13. HTTP, HTTPS Video ● Try to sniffing traffic HTTP and HTTPS
  • 14. Fake Wireless Access Point ● How ○ Similar name of true hotspot ○ Use ‘Public’ name ● For ○ Steal credential ○ Change destination to hacker website
  • 15. Fake Wireless Access Point Video
  • 16. Encryption Of Wireless ● Mode ○ Public ○ WEP ! RC4 Streaming Encryption ○ 64,128bits Encryption. ○ IV ○ WPA ! TKIP Encryption (Base on RC4) ! AES(Advance Encryption Standard) Encryption ! ICV ○ WPA2 ! AES Encryption ○ 256bit Encryption ○ *WPS(Wifi Protected Setup)
  • 17. Brute Force Time ● WEP < 10 minutes ● WPA – 21 character > 4x10-20 years ● WPA2 > WPA
  • 18. Break The Encryption Of Wireless ● WEP ● WPA/WPA2
  • 19. Strength Password ● 1 Website/Username/Password ● > 8 Characters ● Upper Case ● Lower Case ● Special Characters: @, #, !, $, etc. ● Not in dictionary and personal information, company name.
  • 20. Show time for use Keepass
  • 21. Fake Call Center ● How ○ ถูกรางวัลต่างๆ ○ คืนภาษี ○ หนี4บัตรเครดิต ○ แอบอ ้างเป็น DSI ● Fr0m ○ จีน ○ ไต้หวัน
  • 25. Example Of Social Network Threats ● Likejacking ○ Facebook User ○ Interesting Picture ○ Spread to friends and user’s group.
  • 27. How to Learn Computer Security ● Love ● English ● Forum ● Share ● E-Book
  • 28. Q & A