The21stcenturybankjob 101014152255-phpapp02

•

2 likes•379 views

This document discusses modern methods of bank theft and fraud, such as credit card fraud, ATM skimming, and social engineering. It describes how hackers may target a bank's internal IT systems and compromise networks, core transaction systems, data warehouses, and other technical infrastructure. The document also examines common security problems like weak passwords, outdated systems, and a lack of employee awareness and skills. It provides examples of how penetration testers have compromised banks and considers ongoing efforts by banks to increase security through encryption, two-factor authentication, compliance, and security assessments.

&IT’S EASIER THEY ARE CLUELESS
WHYTARGETINGTHE USERS?
[MOST OFTHETIME]

CORE
TRADEFINANCE TREASURY
DATAWAREHOUSING
ANTIMONEYLAUNDRINGREMITTANCE
CRM
COLLECTIONSYSTEM
ATMSWITCH
INTERNETBANKING
ISLAMICBANKING
MOBILEBANKING
CARDMANAGEMENT

NETWORKOFTRUST
EMPLOYEES
MANAGEMENT
GOVERNMENT
VENDORS
CUSTOMERS

STORYTELLINGSESSION
HOWWECOMPROMISEDBANKS
ONSOMEPENTESTENGAGEMENT

COMMONPROBLEMS
PEOPLE PROBLEMS
WEAK PASSWORDS
LACK OF AWARENESS
LACK OF SKILLS
SYSTEM PROBLEMS
OUTDATED SYSTEMS
INSECURE CONFIGURATIONS
INSECURE PROTOCOLS

BANK
CUSTOMER
AccordingtoCustomer
BANK
CUSTOMER
AccordingtoBank
RESPONSIBLE
RESPONSIBLE
RESPONSIBLE
SECURITYRESPONSIBILITY

BANKS’EFFORTS TO INCREASE THE SECURITY LEVEL

CREDITS:
Photos:
• [Page 01] http://www.flickr.com/photos/reddogfever/4580710899/
• [Page 02] http://www.flickr.com/photos/lanuiop/226760877/
• [Page 04] http://www.flickr.com/photos/deepblue66/132439533/
• [Page 05] http://www.flickr.com/photos/marcelnicolai/4600107436/
• [Page 09] http://www.flickr.com/photos/paulwatson/411792788/
• [Page 10] http://www.flickr.com/photos/jliba/3696592874/
• [Page 11] Swordfish Hack — http://www.youtube.com/watch?v=zfy5dFhw3ik
• [Page 12] http://www.flickr.com/photos/skreuzer/354316778/
• [Page 13] http://www.flickr.com/photos/tim_d/184018928/
• [Page 14] http://www.flickr.com/photos/eskimoblood/2111672366/
• [Page 15] http://www.flickr.com/photos/beneathourfeet/2502755729/
• [Page 16] http://www.flickr.com/photos/formalfallacy/2057169454/
• [Page 16] http://www.flickr.com/photos/dolor_ipsum/3262262008/
• [Page 17] http://www.flickr.com/photos/24443965@N08/3460357646/
• [Page 23] http://www.flickr.com/photos/kk/4191131924/
• [Page 25] http://www.flickr.com/photos/ari/2347593532/
• [Page 27] http://www.infosurhoy.com/cocoon/saii/images/2010/03/01/photo4.jpg
• [Page 28] http://en.wikipedia.org/wiki/File:CryptoCard_two_factor.jpg
• [Page 29] http://blogs.ft.com/gapperblog/files/2008/03/bank-regulation.jpg
• [Page 30] http://www.flickr.com/photos/dfarrell07/5013882149/
• [Page 31] http://www.flickr.com/photos/joshmt/2526552173/

@GEOVEDI
CHECKOUT:
http://slideshare.net/geovedi

This document discusses various methods of compromising banks, both through old and modern means. It covers topics like credit card fraud, ATM skimming, social engineering, and hacking bank IT systems. The document also examines security responsibilities and challenges for both banks and customers. It notes common security problems relate to people, systems, and management; and outlines some of the efforts banks have taken to increase security levels through encryption, two-factor authentication, compliance, and assessments.

Artificial intelligence in financial sector converted (1)

emmaelice

Money2020 2015 Day One Highlights

Sam Maule

This document contains 20 quotes from various individuals on topics related to financial technology and payments innovation. Some key themes that emerge are: the need to focus on solving real business problems rather than just building new technology; the importance of security and user experience; the potential for new technologies like blockchain, cryptocurrency, and the Internet of Things to disrupt traditional financial services; and challenges around scaling innovation and ensuring access and affordability.

Money2020 2015 Day Three Highlights

Sam Maule

This document summarizes key points from discussions at the MONEY20 conference. Some of the main ideas discussed include: - Payment instruments will become less important and authorization engines will be key. - Claims of the "death of cash" are overstated as 18% of the world's GDP is still withdrawn from ATMs each year in cash. - Winning fintech companies will need to partner with banks to scale, while winning banks will partner with fintech firms. - Blockchain and distributed ledgers are promising but still early like the internet was in 1995.

Money2020 2015 Day Two Highlights

Sam Maule

From Online To Digital

The Bank Channel

The document discusses innovation in online financial services. It begins by looking at the current state of customers managing their money and how big banks are faring. It identifies converging trends in the industry around economic conditions, customer behavior, technology capabilities, and changing business models. It then examines the competitive landscape for banks and how bank models and channels are shifting. The document outlines 10 insights for digital innovation and provides strategies for banks on multiple levels of business delivery and dimensions of online innovation to adapt and stay relevant in a changing digital landscape.

Spying The Wire

Don Anto

1. The document discusses common attacks on local area networks (LANs), including spoofing, man-in-the-middle attacks, sniffing, TCP/IP session hijacking, remote code execution, and denial-of-service attacks. 2. It describes how each attack works and provides examples of how it could be carried out on a LAN. Specific techniques mentioned include ARP cache poisoning, IP spoofing, DHCP spoofing, switch port stealing, and buffer overflows. 3. The document recommends defenses against these attacks such as using switches instead of hubs, static ARP entries, port security, VLAN segmentation, encryption, firewalls, patching, and monitoring tools. Regular auditing and updating systems is

Studi dan Implementasi Keamanan User Privacy menggunakan CP-ABE

idsecconf

This document discusses hacking into a Facebook account. It begins with background information on social networks and Facebook. It then describes a true story of how the author hacked into someone's Facebook account by exploiting security questions. The author demonstrates penetrating the account and taking it over. Finally, it provides tips to help prevent this, such as hiding sensitive data and using encrypted answers for security questions.

How to train your ninja

idsecconf

This document outlines an agenda for conducting an e-banking security assessment. It discusses various aspects of assessing security such as session management, access control, authentication, and technical vulnerabilities. The document recommends delivering management and technical reports with findings, risks, values, technical details, and patching/coding recommendations. It emphasizes pentester ethics and non-disclosure agreements when conducting such assessments.

Turning tl mr 3020 into automate wireless attacker

idsecconf

Desain skema rn4 s1

idsecconf

Micro control idsecconf2010

idsecconf

This document discusses security issues with microcontrollers (uCs). uCs are commonly used in devices like cars, medical implants, and infrastructure systems. The Atmel AVR8 uC architecture is examined in depth. Issues discussed include weak randomness for crypto, race conditions due to lack of concurrency controls, buffer overflows enabled by the Harvard architecture separating code and data, and attacks involving NULL pointers, uninitialized memory, and dereferencing memory beyond physical limits. Exploiting these issues could allow taking control of uC firmware to potentially manipulate connected devices and systems.

Turning tl mr 3020 into automate wireless attacker

idsecconf

The_Hydra - Bagaimana Menulis dan Memaintain Elektronik Hacking Magazineidsecconf

MrX - ADT: It's not about Faking the Approval

idsecconf

This document summarizes a presentation given by MrX at the IDSECCONF2009 conference on Asian digital theft. The presentation covered who engages in digital theft in Asia, such as credit card fraudsters and cybercrime suppliers, and discussed various prevention methods used by companies to combat fraud, including SSL, AVS, 3D Secure, automated fraud detection, and blocking transactions from high-risk countries. It also provided case studies on instances where these prevention methods failed or were bypassed by thieves and concluded that completely secure systems do not exist, manual checks are still needed, and internet fraud will likely continue as a persistent crime.

Mobile security-an-introduction - za

idsecconf

indounderground, Carding, carder and why you should avoid it!

idsecconf

Reksoprodjo cyber warfare stmik bali 2010

idsecconf

A million little tracking devices - Don Bailey

idsecconf

This document discusses the security vulnerabilities in Zoombak GPS tracking devices. It describes how the devices can be discovered on the cellular network and have their location intercepted or impersonated. The document outlines attacks that could allow discovering targets, intercepting their location data, and spoofing their location. It recommends ways for Zoombak to improve security, such as adding authentication and encryption to location updates.

y3dips, mastering the network hackingFUidsecconf

Generating the responses

idsecconf

Ebanking menjelaskan pentingnya audit aplikasi perbankan untuk menjamin keamanan nasabah. Security token digunakan sebagai pengaman tambahan untuk transaksi keuangan, yang bentuknya termasuk token virtual dan token fisik yang menggunakan autentikasi dua faktor. Dokumen ini juga membahas prinsip keamanan token mobile dan alternatif untuk mengamankan kode aplikasi seperti obfuskasi kode dan enkripsi file.

Analisa kejahatan menggunakan jaringan gsm

idsecconf

Reversing blue coat proxysg - wa-

idsecconf

Keynote - Jim Geovedi - professional-hackers

idsecconf

The document discusses different types of professional hackers and their roles, including corporate hackers like programmers, administrators, operators, security officers, and IT auditors who work for companies. It also discusses independent hackers like operating system hackers, intrusion specialists, vulnerability researchers, botnet owners, rootkit/trojan/virus writers, and spammers/fraudsters. Finally, it raises questions about the professional hacking community and skills in Indonesia.

Linux kernel-rootkit-dev - Wonokaerun

idsecconf

This document contains the slides from a presentation given by WonoKaerun at the Indonesian Security Conference 2011 in Palembang. The presentation introduces rootkits and techniques for hiding malware at the kernel level on Linux systems. It covers topics like loadable kernel modules, interrupt descriptor table hooking, virtual file system hacking, page fault handler hijacking, debugging register abuse, and kernel instrumentation patching. The goal is to evade detection by security solutions by gaining control of the kernel before anti-rootkit defenses can activate. Throughout, the document emphasizes the cat-and-mouse nature of offensive and defensive security research.

Ctf online idsecconf2012 walkthrough

idsecconf

theday, windows hacking with commandline

idsecconf

This document provides an overview of basic hacking techniques using Windows and Linux command lines. It discusses using tools like netcat, SMB sessions, FOR loops, and the /dev/tcp feature in Linux to perform tasks like port scanning, password guessing, file transfers, and creating backdoor shells. The document includes code examples for scanning IP ranges, mounting SMB shares, transferring files over the network, and connecting back to an attacker's machine to execute commands.

Tc Bank Technology Innovation Indiana

rajpatelplantemoran

The document discusses several technology trends in banking, including: Mobile banking is expected to significantly increase over the next few years, with over a third of online banking customers using mobile banking by 2010. Younger generations especially expect mobile banking services from their banks. Future mobile technologies may allow payments, location-based marketing, text alerts and confirmations. Mobile devices could directly interact with ATMs to withdraw cash or make payments at checkouts.

12 neobanks for SMEs and GIGs

Vladislav Solodkiy

Viewers also liked

How i hack_hacker_facebook - el_rumi

idsecconf

How to train your ninja

idsecconf

Turning tl mr 3020 into automate wireless attacker

idsecconf

Desain skema rn4 s1

idsecconf

Micro control idsecconf2010

idsecconf

Turning tl mr 3020 into automate wireless attacker

idsecconf

The_Hydra - Bagaimana Menulis dan Memaintain Elektronik Hacking Magazineidsecconf

MrX - ADT: It's not about Faking the Approval

idsecconf

Mobile security-an-introduction - za

idsecconf

indounderground, Carding, carder and why you should avoid it!

idsecconf

Reksoprodjo cyber warfare stmik bali 2010

idsecconf

A million little tracking devices - Don Bailey

idsecconf

y3dips, mastering the network hackingFUidsecconf

Generating the responses

idsecconf

Analisa kejahatan menggunakan jaringan gsm

idsecconf

Reversing blue coat proxysg - wa-

idsecconf

Keynote - Jim Geovedi - professional-hackers

idsecconf

Linux kernel-rootkit-dev - Wonokaerun

idsecconf

Ctf online idsecconf2012 walkthrough

idsecconf

theday, windows hacking with commandline

idsecconf

Viewers also liked (20)

How i hack_hacker_facebook - el_rumi

How to train your ninja

Turning tl mr 3020 into automate wireless attacker

Desain skema rn4 s1

Micro control idsecconf2010

Turning tl mr 3020 into automate wireless attacker

The_Hydra - Bagaimana Menulis dan Memaintain Elektronik Hacking Magazine

MrX - ADT: It's not about Faking the Approval

Mobile security-an-introduction - za

indounderground, Carding, carder and why you should avoid it!

Reksoprodjo cyber warfare stmik bali 2010

A million little tracking devices - Don Bailey

y3dips, mastering the network hackingFU

Generating the responses

Analisa kejahatan menggunakan jaringan gsm

Reversing blue coat proxysg - wa-

Keynote - Jim Geovedi - professional-hackers

Linux kernel-rootkit-dev - Wonokaerun

Ctf online idsecconf2012 walkthrough

theday, windows hacking with commandline

Similar to The21stcenturybankjob 101014152255-phpapp02

Tc Bank Technology Innovation Indiana

rajpatelplantemoran

12 neobanks for SMEs and GIGs

Vladislav Solodkiy

FT White Paper for Yvan - John Donovan V2

John Donovan

John Donovan is a FinTech entrepreneur who was previously involved with Lending Club and currently advises several FinTech startups. He discusses how marketplace lending returns to more individual-focused banking by allowing individuals to provide capital to others at reasonable returns. However, mega-mergers led large banks to prioritize profits over customers. Currently, four large banks control over half of US banking assets and debt. Marketplace lending platforms offer better rates to borrowers and returns to investors while having lower costs than banks.

Online Banking

Allen Thi

Online banking provides customers with convenient access to their bank accounts through the internet or mobile apps. It allows users to check balances, view transactions, transfer funds between accounts, and pay bills without visiting a physical bank location. Larger banks were early adopters of online banking capabilities, with 96% of banks with over $300 million in assets offering websites compared to 51% of smaller banks. Online banking reduces costs for banks while increasing convenience for customers. However, older customers are still hesitant to use online and mobile banking services.

Online Banking

Allen Thi

Online banking provides customers with convenient access to their bank accounts through the internet or mobile apps. It allows users to check balances, view account activities, transfer funds between accounts, and pay bills without visiting a physical bank location. Larger banks were early adopters of online banking capabilities, with 96% of banks with over $300 million in assets offering websites compared to only 51% of smaller banks. Online banking reduces costs for banks while increasing convenience for customers through easy and efficient account access. However, older customers are still less likely to use online and mobile banking services.

Mit digital manifesto

Bankir_Ru

This document outlines the key features and requirements for a proposed "Digital Bank of the Future" (DBF). It discusses how existing banks are hindered by legacy systems and culture, while new technologies allow for more digital and mobile-focused banking. The document defines three waves of digital banking - with the first being incremental changes to existing banks, the second being "digital hybrids" that still rely on legacy systems, and the third being "digital natives" designed around new technologies. It then summarizes requirements for DBF from the perspectives of customers, investors, and the bank itself, focusing on features like holistic digital experiences, biometrics, digital wallets, payments, financial planning tools, and data-driven personalized services

Mit digital banking manifesto - the end of banks

Ian Beckett

This document outlines the key features and requirements for a proposed "Digital Bank of the Future" (DBF). It discusses how existing banks are hindered by legacy systems and culture, while new technologies now enable a third wave of digital banking innovation. The summary provides an overview of the document's main points regarding what a DBF should offer from the perspectives of customers, investors, and the bank itself. Key aspects include a fully digital experience, mobile-first design, use of biometrics, digital wallets, access to peer-to-peer services, and the ability to serve the billions of unbanked and underbanked globally through new data and risk analysis technologies.

Technology Disruption 2022 (ISOAG)

Barry Condrey

This document contains a summary of notes from Barry Condrey, CIO of IST, discussing technology trends and lessons learned. It covers a wide range of topics from the history of technology to current issues like ransomware and cybersecurity. Key points discussed include the increasing rate of ransomware attacks, the "pirate methodology" used by criminals, Chesterfield's approach to ransomware protection, and predictions about future cybersecurity challenges around encryption, artificial intelligence, and data privacy.

Financial propagandamodelsolomo nov2012

Thomas Hu

The document discusses how demand is created in the SoLoMo (social, local, mobile) era and the anatomy of financial propaganda models. It notes that in 2010, global smartphone shipments surpassed PCs, and social media now occupies 16% of internet users' time. Big data analytics enhance propaganda by allowing more precise targeting of users based on their preferences and behaviors. Social media is creating a new layer of trust infrastructure, but also raises issues around privacy, consumer protection, and who to trust. The document considers implications for journalism in this new environment, questioning journalists' role and relevance when information is abundant and judgments are difficult to make. It suggests journalists should act as sober thinkers, loud speakers, and motivated fighters for truth

Webcast - how can banks defend against fraud?

Uniphore

The Annual Global Fraud Survey, commissioned by Kroll and carried out by the Economist Intelligence Unit, reports that businesses lose nearly 1.6% of their revenue to fraud. While global banks are utilizing IT solutions to safeguard themselves from cyber and online phishing attacks, our webcast helps you understand an innovative and cutting edge technology which can help you to: * Stop revenue loss on fraud/identity thefts * Prevent customers from cyber attacks * Ensure 100% fail-proof customer authentication * Provide confidence to customers and improve CSAT * Protect banking information and customer data breach

Tech in indonesia 2014 presented at startup asia 2014 jakarta

Andy Zain

The document discusses the technology and financial technology landscape in Indonesia. It notes that Indonesia has a large young population and growing middle class that is increasingly using the internet and engaging in online activities. However, connectivity, logistics, payments and other infrastructure issues still constrain internet business growth in Indonesia. The document advocates that financial technology can help enable innovation, banking the unbanked, lending, payments, and other services to tap into Indonesia's economic opportunities. It announces the soft launch of a FinTech advocacy group in Indonesia to help drive such innovation.

ppt

PratimaP1

The document discusses retail banking in India. It outlines the objectives of studying retail banking, including understanding the concept and importance of retail banking in India. It analyzes the services provided and evaluates retail banking operations. Retail banking is seen as an important market segment that offers growth opportunities. It requires innovation and technological upgrades to meet customer needs and contribute to economic development.

Similar to The21stcenturybankjob 101014152255-phpapp02 (12)

Tc Bank Technology Innovation Indiana

12 neobanks for SMEs and GIGs

FT White Paper for Yvan - John Donovan V2

Online Banking

Mit digital manifesto

Mit digital banking manifesto - the end of banks

Technology Disruption 2022 (ISOAG)

Financial propagandamodelsolomo nov2012

Webcast - how can banks defend against fraud?

Tech in indonesia 2014 presented at startup asia 2014 jakarta

ppt

More from idsecconf

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...

idsecconf

Cloud Managed Router merupakan hasil dari kombinasi antara perangkat router konvensional dengan teknologi cloud management, yang dikembangkan agar memudahkan pengguna untuk dapat mengatur perangkat router dari jarak jauh. Namun tentu saja dengan penerapan yang kurang tepat, maka hal ini bisa dimanfaatkan oleh orang yang tidak bertanggung jawab, bahkan dapat beresiko akses perangkat router diambil alih. Pada topik ini saya akan sedikit menceritakan bagaimana resiko tersebut bisa terjadi.

idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...

idsecconf

This document provides an agenda and details for a presentation by Neil Armstrong on leveraging infrastructure as code (IaC) for stealthy red team operations. The presentation will cover background on IaC and red team operations, goals and challenges of the project, designs for segmented network, command and control (C2), phishing, and security information and event management (SIEM) infrastructure, implementation and results, and conclusions. The project aims to create reliable, flexible, and stealthy red team infrastructure using IaC to streamline deployments and allow repeatable, disposable operations.

idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...

idsecconf

Dalam dunia keamanan siber, sinergi antara berbagai proses memiliki peran yang sangat penting. Salah satu proses atau framework yang tengah menjadi sorotan dan menarik perhatian luas adalah Detection Engineering. Proses Detection Engineering ini bertujuan untuk meningkatkan struktur dan pengorganisasian dalam pembuatan detection use case atau rules di Security Operation Center (SOC). Detection Engineering bisa dikatakan masih baru dalam dunia keamanan siber, sehingga terdapat banyak peluang untuk membuat keseluruhan prosesnya menjadi lebih baik. Salah satu hal yang masih terlupakan adalah integrasi antara proses Detection Engineering dan Threat Modeling. Biasanya, Threat Modeling lebih berfokus pada solusi pencegahan dan mitigasi resiko secara langsung dan melupakanan komponen deteksi ketika pencegahan dan mitigasi tersebut gagal dalam menjalankan fungsinya. Dalam makalah ini, kami memperkenalkan paradigma baru dengan mengintegrasikan Detection Engineering ke dalam proses Threat Modeling. Pendekatan ini menjadikan Detection sebagai langkah proaktif tambahan, yang dapat menjadi lapisan pertahanan ekstra ketika kontrol pencegahan dan mitigasi akhirnya gagal dalam menghadapi ancaman sesungguhnya.

idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf

idsecconf

Smart doorbell atau bel pintar telah menjadi populer dalam sistem keamanan rumah pintar. Namun, banyak dari perangkat ini masih menggunakan protokol yang tidak aman untuk berkomunikasi, protokol yang rentan terhadap serangan keamanan seperti jamming, sniffing dan replay attack. Penelitian ini bertujuan untuk menganalisis kelemahan penggunaan protokol komunikasi pada smart doorbell, serta menginvestigasi potensi pemanfaatan Software Defined Radio (SDR) dan modul arduino dalam mengamati komunikasi gelombang elektronik pada frekuensi 433 MHz. Selain itu penelitian ini ditujukan untuk mengidentifikasi potensi risiko yang dihadapi oleh pengguna pengkat IoT, serta memberikan pandangan tentang perlindungan yang lebih baik.

idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...

idsecconf

Modern organizations are facing the severe challenge of effectively countering threats and mitigating Indicators of Compromise (IOCs) within their network environments. The increasing complexity and volume of cyber threats has highlighted the urgency of building robust mechanisms to block specific IOCs independently. While some organizations have adopted Endpoint Detection and Response (EDR) systems, these solutions often have limitations and require manual processes to collect and examine IOCs from multiple sources. These operational barriers prevent organizations from achieving a proactive and efficient defense posture, an obstacle that is particularly important due to the critical role that IOC blocking plays in containing the spread of threats and limiting potential damage. Hence, the need for a solution that orchestrates automated IOC blocking, utilizing tools such as AlienVault Open Threat Exchange (OTX), VirusTotal, CrowdStrike, and Slack. In this presentation, we examine the importance of automated IOC blocking and its potential to strengthen network security, while highlighting the critical role that these tools play in mitigating evolving cyber threats.

idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...

idsecconf

idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...

idsecconf

Ali - The Journey-Hack Electron App Desktop (MacOS).pdf

idsecconf

Semakin berkembangnya teknologi di aplikasi Desktop terdapat celah keamanan yang dapat menyebabkan dampak langsung atau tidak langsung pada kerahasiaan, Integritas Data yang di bangun menggunakan Framework dari Electron khusus nya aplikasi Desktop di Sistem Operasi MAC. Dalam materi yang di persentasikan akan membahas celah keamanan Security Misconfiguration,RCE,Code Injection, Bypass File Quarantine dan juga bagaiman cara intercept Aplikasi Electron Desktop di system operasi macOS

Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...

idsecconf

This document discusses how to infiltrate an AWS cloud environment through publicly exposed services like Elastic Container Registry (ECR), Systems Manager (SSM) documents, Elastic Block Store (EBS) snapshots, Relational Database Service (RDS) snapshots, and Amazon Machine Images (AMI). It outlines attack flows showing how an attacker could access credentials, source code, personal information and other sensitive data from these publicly shared resources. The document recommends mitigation steps like encrypting shared resources, frequent credential rotation, using least privilege access, inventorying all resources, and proper Identity and Access Management (IAM) configuration.

Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf

idsecconf

Near Field Communication (NFC) saat ini adalah teknologi yang umumnya di gunakan untuk media pembayaran serta akses kontrol untuk keamanan ruangan dan gedung. Tidak terbatas untuk hal itu saja, teknologi NFC juga kerap di implementasikan untuk perangkat IoT. Beberapa perangkat menggunakan NFC tag untuk menyimpan informasi guna sinkronisasi dengan perangkat smartphone. Penggunaan teknologi NFC awalnya dianggap aman karna mengharuskan alat baca dengan tag berada dalam poisisi yang sangat dekat. Sehingga dianggap sulit untuk melakukan penyadapan informasinya. Seiring waktu banyak penilitian mengungkapkan bahwa komunikasi ISO 1443-3 ini bisa di intip dan di terjemahkan ke dalam bentuk perintah serta respon aslinya. Proxmark3 adalah salah satu alat yang dikembangkan untuk keperluan tersebut. Namun ada kondisi dimana perangkat proxmark tidak dapat di fungsikan maksimal lantaran berkurangnya sensititifitas pembaca dan tag ketika ada objek berada diantara keduanya. Di paper ini saya ingin menyajikan hasil penelitian saya tentang penggunaan Dynamic Instrumentation Frida untuk memantau penggunaan modul java nfc dalam platform Android dan menggunakannya untuk melakukan lockpicking pada gembok pintar berbasis NFC.

Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...

idsecconf

This paper is a documentation of proposed security management for Electronic Health Records which includes security planning and policy, security program, risk management, and protection mechanism. Planning and policy are developed to provide a basic principle of security management at a hospital. The security program in this document includes Risk-Adaptable Access Control (RAdAC) and the implementation of security education, training and awareness (SETA). Regarding risk management, we perform risk identification, inventory of assets, information assets classification, and information assets value assessment, threat identification, and vulnerability assessment. For protection mechanism, we propose biometrics and signature as the authentication methods. The use of firewalls, intrusion detection system and encrypted data transmission is also suggested for securing data, application and network.

Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf

idsecconf

Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...

idsecconf

Evaluasi privasi pengguna pada aplikasi Android menemukan bahwa: (1) sebagian besar aplikasi mengumpulkan data pribadi pengguna seperti lokasi, kontak, dan aktivitas; (2) data tersebut dapat dibagikan ke pihak ketiga dan tidak mudah dihapus; (3) hanya beberapa aplikasi yang memiliki petugas perlindungan data yang tersedia. Analisis ini menunjukkan pentingnya perlindungan privasi pengguna yang lebih

Utian Ayuba - Profiling The Cloud Crime.pdf

idsecconf

Cloud criminals are motivated by curiosity, recognition, thrill-seeking, and more. They exhibit aggressive and rude behaviors online due to reduced social cues and anonymity. Common traits include narcissism, neuroticism, and social awkwardness. While organizations cannot control criminal motivations and traits, they can minimize opportunities by strengthening security with talent, budgets, technologies, and diligence.

Proactive cyber defence through adversary emulation for improving your securi...

idsecconf

Organization using Adversary Emulation plan to develop an attack emulation and/or simulation and execute it against enterprise infrastructure. These activities leverage real-world attacks and TTPs by Threat Actor, so you can identify and finding the gaps in your defense before the real adversary attacking your infrastructure. Adversary Emulation also help security team to get more visibility into their environment. Performing Adversary Emulation continuously to strengthen and improve your defense over the time.

Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada

idsecconf

Pentesting react native application for fun and profit - Abdullah

idsecconf

React Native merupakan framework untuk membuat aplikasi native menggunakan Javascript. Aplikasi dibundling menjadi satu file .bundle yang berisi seluruh logika aplikasi. Hal ini menjadikan aplikasi rentan terhadap manipulasi kode. Beberapa celah keamanan yang mungkin ada meliputi manipulasi endpoint API, mengeksploitasi fitur Firebase, menemukan kredensial akun, atau penyimpanan data secara tidak aman.

Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella

idsecconf

Pandemi covid-19 melonjak pada gelombang ke-2 di. Untuk mengantisipasi itu pemerintah membagikan oximeter ke puskesmas. Oximeter yang ada dipasaran mengharuskan tenaga kesehatan untuk kontak langsung dengan pasien. Dengan menggunakan Hacked Oxymeter ini dapat mengurangi intensitas bertemu dengan pasien dan mengurangi resiko terpapar covid-19. Secara metodologi, hacking oximeter ini membaca output komunikasi serial pada alat oximeter untuk kemudian diolah oleh mikrokontroler dan dikirim ke MQTT broker untuk diteruskan ke klien yang membutuhkan. Alat ini digunakan oleh pasien yang sedang isoman di hotel, fasilitas Kesehatan atau rumah sakit darurat/lapangan

Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...

idsecconf

Eksploitasi kerentanan pada hypervisor semakin banyak diperbincangkan di beberapa tahun ini, dimulai dari kompetisi hacking Pwn2Own pada 2017 yang mengadakan kategori Virtual Machine dalam ajang lombanya, dan juga teknologi-teknologi terkini yang banyak menggunakan hypervisor seperti Cloud Computing, Malware Detection, dll. Hal tersebut menjadi ketertarikan bagi sebagian hacker, security researcher untuk mencari kelemahan dan mengeksploitasi hypervisor. Tulisan ini menjelaskan mengenai proses Vulnerability Research dan VM Escape exploitation pada VirtualBox.

Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto

idsecconf

Proses DevSecOps saat ini banyak digunakan dikalangan industri yang membutuhkan kecepatan baik dalam pengembangan maupun implementasi. Setiap tahapan pada pipeline DevSecOps merupakan tahapan yang harus diperhatikan dan masuk kedalam pantauan SOC (Security Operation Center). Untuk itu diperlukan kemampuan SOC untuk bisa memantau setiap pipeline DevSecOps sehingga dapat memberikan gambaran kondisi keamanan pada organisasi

More from idsecconf (20)

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...

idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...

idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...

idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf

idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...

idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...

idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...

Ali - The Journey-Hack Electron App Desktop (MacOS).pdf

Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...

Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf

Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...

Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf

Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...

Utian Ayuba - Profiling The Cloud Crime.pdf

Proactive cyber defence through adversary emulation for improving your securi...

Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada

Pentesting react native application for fun and profit - Abdullah

Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella

Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...

Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto

Recently uploaded

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process. In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds. - These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.

GridMate - End to end testing is a critical piece to ensure quality and avoid...

ThomasParaiso2

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

Vladimir Iglovikov, Ph.D.

Presented by Vladimir Iglovikov: - https://www.linkedin.com/in/iglovikov/ - https://x.com/viglovikov - https://www.instagram.com/ternaus/ This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation. Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners. This case study covers various aspects, including: People: The contributors and community that have supported Albumentations. Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions. Challenges: The hurdles in monetizing open-source projects and measuring user engagement. Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration. Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community. Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations. Mental Health: Maintaining balance and not feeling pressured by user demands. Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth. Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects. Explore more about Albumentations and join the community at: GitHub: https://github.com/albumentations-team/albumentations Website: https://albumentations.ai/ LinkedIn: https://www.linkedin.com/company/100504475 Twitter: https://x.com/albumentations

20240605 QFM017 Machine Intelligence Reading List May 2024

Matthew Sinclair

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Neo4j

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Malak Abu Hammad

Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers: * What is Vector Search? * Importance and benefits of vector search * Practical use cases across various industries * Step-by-step implementation guide * Live demos with code snippets * Enhancing LLM capabilities with vector search * Best practices and optimization strategies Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications. #MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

みなさんこんにちはこれ何文字まで入るの？40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの？えこ...

名前です男

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

Neo4j

Leonard Jayamohan, Partner & Generative AI Lead, Deloitte This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.

How to Get CNIC Information System with Paksim Ga.pptx

danishmna97

Artificial Intelligence for XMLDevelopment

Octavian Nadolu

In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject. We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup. Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved. The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring. The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise. By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Nexer Digital

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Neo4j

Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

SOFTTECHHUB

The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing. One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

James Anderson

Communications Mining Series - Zero to Hero - Session 1

DianaGray10

This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered: • Communication Mining Overview • Why is it important? • How can it help today’s business and the benefits • Phases in Communication Mining • Demo on Platform overview • Q/A

Recently uploaded (20)

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

Removing Uninteresting Bytes in Software Fuzzing

GridMate - End to end testing is a critical piece to ensure quality and avoid...

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

20240605 QFM017 Machine Intelligence Reading List May 2024

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

How to Get CNIC Information System with Paksim Ga.pptx

Artificial Intelligence for XMLDevelopment

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Generative AI Deep Dive: Advancing from Proof of Concept to Production

PCI PIN Basics Webinar from the Controlcase Team

Elizabeth Buie - Older adults: Are we really designing for our future selves?

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

Communications Mining Series - Zero to Hero - Session 1

The21stcenturybankjob 101014152255-phpapp02

1. THE 21ST CENTURY BANK JOB@GEOVEDI

2. EVERTHOUGHT ABOUT ROBBING A BANK?

3. JOHN DILLINGER KUSNI KASDUT OLD SCHOOL

4. HACKING A BANK IS EASY ..OR MAYBE NOT!!

5. MODERN BANK JOBS CASE STUDIES

6. CREDIT CARD FRAUD

7. ATM SKIMMING

8. SOCIAL ENGINEERING

9. &IT’S EASIER THEY ARE CLUELESS WHYTARGETINGTHE USERS? [MOST OFTHETIME]

10. HOW ABOUT HACKING?

11. Swordfish(2001)

12. INSIDE THEBANK’S ITSYSTEM

13. CORE TRADEFINANCE TREASURY DATAWAREHOUSING ANTIMONEYLAUNDRINGREMITTANCE CRM COLLECTIONSYSTEM ATMSWITCH INTERNETBANKING ISLAMICBANKING MOBILEBANKING CARDMANAGEMENT

14. NETWORKOFTRUST EMPLOYEES MANAGEMENT GOVERNMENT VENDORS CUSTOMERS

15. STORYTELLINGSESSION HOWWECOMPROMISEDBANKS ONSOMEPENTESTENGAGEMENT

16. COMMONPROBLEMS PEOPLE PROBLEMS WEAK PASSWORDS LACK OF AWARENESS LACK OF SKILLS SYSTEM PROBLEMS OUTDATED SYSTEMS INSECURE CONFIGURATIONS INSECURE PROTOCOLS

17. MANAGEMENTPROBLEMS

18.

19. MERCHANTS

20. ATM COMPROMISE

21. WTFKTHXBYE

22.

23. WHO’SRESPONSIBLE?

24. BANK CUSTOMER AccordingtoCustomer BANK CUSTOMER AccordingtoBank RESPONSIBLE RESPONSIBLE RESPONSIBLE SECURITYRESPONSIBILITY

25. BANKS’EFFORTS TO INCREASE THE SECURITY LEVEL

26. ENCRYPTION

27. TWO-FACTOR AUTHENTICATIONS

28. TWO-FACTOR AUTHENTICATIONS

29. REGULATION COMPLIANCE

30. REGULAR SECURITY ASSESSMENT

31. WHAT’S NEXT?

32. WHAT’S NEXT?

33. THANKS!

34. CREDITS: Photos: • [Page 01] http://www.flickr.com/photos/reddogfever/4580710899/ • [Page 02] http://www.flickr.com/photos/lanuiop/226760877/ • [Page 04] http://www.flickr.com/photos/deepblue66/132439533/ • [Page 05] http://www.flickr.com/photos/marcelnicolai/4600107436/ • [Page 09] http://www.flickr.com/photos/paulwatson/411792788/ • [Page 10] http://www.flickr.com/photos/jliba/3696592874/ • [Page 11] Swordfish Hack — http://www.youtube.com/watch?v=zfy5dFhw3ik • [Page 12] http://www.flickr.com/photos/skreuzer/354316778/ • [Page 13] http://www.flickr.com/photos/tim_d/184018928/ • [Page 14] http://www.flickr.com/photos/eskimoblood/2111672366/ • [Page 15] http://www.flickr.com/photos/beneathourfeet/2502755729/ • [Page 16] http://www.flickr.com/photos/formalfallacy/2057169454/ • [Page 16] http://www.flickr.com/photos/dolor_ipsum/3262262008/ • [Page 17] http://www.flickr.com/photos/24443965@N08/3460357646/ • [Page 23] http://www.flickr.com/photos/kk/4191131924/ • [Page 25] http://www.flickr.com/photos/ari/2347593532/ • [Page 27] http://www.infosurhoy.com/cocoon/saii/images/2010/03/01/photo4.jpg • [Page 28] http://en.wikipedia.org/wiki/File:CryptoCard_two_factor.jpg • [Page 29] http://blogs.ft.com/gapperblog/files/2008/03/bank-regulation.jpg • [Page 30] http://www.flickr.com/photos/dfarrell07/5013882149/ • [Page 31] http://www.flickr.com/photos/joshmt/2526552173/

35. @GEOVEDI CHECKOUT: http://slideshare.net/geovedi

The21stcenturybankjob 101014152255-phpapp02

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (20)

Similar to The21stcenturybankjob 101014152255-phpapp02

Similar to The21stcenturybankjob 101014152255-phpapp02 (12)

More from idsecconf

More from idsecconf (20)

Recently uploaded

Recently uploaded (20)

The21stcenturybankjob 101014152255-phpapp02