Attacking CAPTCHAs explained

Ioan – Carol Plangu
What's a CAPTCHA

Completely
Automated
Public
Turing test to tell
Computers and
Humans
Apart
Three attack methods


    Implementation attack


    Automated recognition


    Manual labor
The implementation attack
Scenario 1

 the image session id can be reused

 [Diagram: Captcha form, id, Restricted page]
The implementation attack
Scenario 2

 the number of captcha tests is limited

 we just need to solve them all and store them in a hash table
The implementation attack
Scenario 3

  hash of solution sent to client

             rainbow tables :)
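
Added example, not from the original slides or the demo repository: a server-side challenge store in Python that closes the three implementation scenarios above. The class name, character set and lifetime are assumptions, and the in-memory dict stands in for a real session store.

```python
import hmac
import secrets
import time

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # assumed charset, no look-alikes
TTL_SECONDS = 120                               # assumed challenge lifetime


class CaptchaStore:
    """Hypothetical server-side store; a dict stands in for the session backend."""

    def __init__(self, clock=time.monotonic):
        self._pending = {}      # challenge id -> (solution, expiry)
        self._clock = clock

    def issue(self, length=6):
        # Scenario 2: draw a fresh random solution per request instead of
        # serving from a small fixed pool that can be solved once and cached.
        solution = "".join(secrets.choice(ALPHABET) for _ in range(length))
        challenge_id = secrets.token_urlsafe(16)
        self._pending[challenge_id] = (solution, self._clock() + TTL_SECONDS)
        # Scenario 3: only the opaque id leaves the server. No hash or other
        # value derived from the solution is sent to the client.
        return challenge_id

    def solution_for_rendering(self, challenge_id):
        # Used only by the server-side image renderer.
        return self._pending[challenge_id][0]

    def verify(self, challenge_id, answer):
        # Scenario 1: pop() consumes the id on the first attempt, right or
        # wrong, so a solved id cannot be replayed against the restricted
        # page and a failed one cannot be retried.
        entry = self._pending.pop(challenge_id, None)
        if entry is None:
            return False
        solution, expiry = entry
        if self._clock() > expiry:
            return False
        submitted = answer.strip().upper().encode()
        return hmac.compare_digest(solution.encode(), submitted)
```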
Manual labor

There are two options:
Pay a bunch of monkeys
Or not...


            XXX
            Complete this captcha form to continue
Automated recognition
We're going to actually reproduce a human response for the given question
Can you understand my voice?
The sound sample is usually generated
It's hard to add noise to the generated speech without making it hard for the human
But can you read?
Sort of.....
The most common approach


    Greedy optimization – reverse engineer everything

    Character segmentation

    OCR
Possible security measures

    Funky background image
    −   usually can be removed with basic preprocessing

    Text distortions
    −   modern OCR techniques can beat it

    Anti segmentation measures
Beating segmentation
    
        If a character signature can be extracted from
        only the vertical signature, character
        segmentation becomes trivial




A Low-cost Attack on a Microsoft CAPTCHA - Jeff Yan, Ahmad Salah El Ahmad
School of Computing Science, Newcastle University, UK
Beating segmentation

We can otherwise ignore it!

The following slides are about an experiment about this approach
A Monte-Carlo experiment





    Note: for testing performance, the variance of
    the characters has been kept to a minimum


f(x) → y
x in binary( 0 - 2^3000 )
y in 10^6
Training:

  −   Select one character image at random
  −   Select N black spots
  −   Sort the points for uniqueness
  −   Subtract the first point from all others for position
      independence
  −   Assign it a 'weight' for each character using the
      following formula:
       matched characters count / sample size
  −   Assign it a 'score' (indicates classification quality)
       selected digit weight / (1 + other digit weights)
Recognition:

  −   Make a score map for all points
  −   Select the most appropriate character for each
      column
  −   Process the resulting string into a 6 digit string
An equivalent model

    input layer
    linear hidden layer (feature layer)
    threshold layers
    softmax layer

    OCR without zero penalty == No biases for the first layer
    (avoids the 2*binary - 1 effect)
Hacking the OCR:


  To negate the effect of the biases, for each image we add random noise in the white areas

  This will greatly improve the recognition in a noisy image
A more powerful model

    input layer
    Hacked OCR layer
    Score map
    output layer
Questions?
The demo source is hosted at
https://github.com/theshark08/howtobreakacaptcha01

Attacks Against Captcha Systems - DefCamp 2012