Hacking beyond hacking - forgotten chapters.




                      Milan Gabor
whoami
Cop or not a cop?
Before we start
Disclaimer
This presentation was created for educational purposes. I will not take any responsibility for any action you cause using the information shown in this presentation. Please do not contact me with blackhat type hacking requests.
Thanks!

             Original taken from: http://www.lo0.ro/
Where do I come from
Romania/n
Hackers?
Whois is hacking????
Miracles?
No need to hack!
NDAs
Where is money spent?
Blame who?
Developers ?!?!
> fileproxy.ashx?path=ProfilesDomainUsernamePathpics/picture.jpg
Environment?
To see and feel invisible!
True vision?
I have been doing same things as other people. I just looked them in different way.
                             Albert Einstein
All our life depends
> demo:demo
> test:test
> admin:admin
> no pass
Rookies?
Errors?
SNMP
DOS?
One life (file)?
Is it getting better?
Or do you feel the same?
Will it make it easier on you now?
You got someone to blame
You say
One love
One life
... file                                       U2



                 company-xxx.zip   10.345.441 bytes 0.0.000
Algorithm
> Windows domain internal short-company-name.ro
> Outside not registered
> Register with official registrar
> Have fun!!
Puppets?
After that
Encryption?
TWpjME1ETT0=
Mjc0MDM=
27403

> Don
  own!!!
Phones
Almost best hacking tool
When everything else fails!
PASSION
Or perhaps you should! ;)
Thank you all!

       milan@viris.si

        @MilanGabor

Stop me. Talk to me. Bug me.
               I am nice guy. ;)

Hacking beyond hacking - Forgotten Chapters - DefCamp 2012