Country d0m1nat10n




balgan@ptcoresec.eu
Who Am I ?
•   Tiago Henriques
•   @balgan
•   24
•   BSc
•   MSc
•   CEH
•   CHFI
•   CISSP
•   MCSA
•   CISA
•   CISM
•   CPT
•   CCNA
Team Leader of these guise
Currently employed by these guise
What will we talk about today?
I AM NOT

RESPONSIBLE FOR ANY ILLEGAL
ACTS OR ACTIONS THAT YOU
PRACTICE OR ANYONE THAT
LEARNS SOMETHING FROM
TODAY’S PRESENTATION.
Causing Chaos.

If you guys were an attacker that
was out to cause real damage or
get profit, how would you go
about it ?

This is what I would do, control as
many machines in that country,
penetrate critical systems and get
as much info as possible.

And that’s what I am gonna talk
about today.
Business

When a client asks for a pentest
We present them with these
And that’s all really neat and pretty,
however there are 2 problems with
that! These guys don’t give a f***.




     Management              Blackhats
Management
Cares about:
               • Money
               • Money
               • Money

Does:
               • Will lie for PCI DSS
               • Approves every single thing even if it
                 doesn’t match security department goals
                 but gets them moneys.

This shit gives us, security peeps, headaches!
Blackhats
I managed to acquire video
footage that shows these guys in
action and their vision of the
world, let’s have a sneak peek!
Video - Blackhats
Tonight only, I ask one thing of u
Leave your whitehats and CISSPs at
home, and embark on a journey
with me to make the world…
SHODAN


SHODAN is a search engine that lets you find specific computers (routers,
servers, etc.) using a variety of filters. Some have also described it as a public
port scan directory or a search engine of banners.




  Another way of putting it would be:
Is the


Of these
Now combine this:



   With these:
And you get a lot of these
Also if you do anything illegal and
get caught, you’ll get one of these:
SHODAN

Now it’s when u ask
Shodan


http://www.shodanhq.com/
SHODAN
Accessing that website will give u a search bar, where you can type queries
and obtain results.

Your queries can ask for ports, countries, strings contained in the
banners, and all sorts of other things.

Following is a sample set of queries that can lead to some interesting
results:
SHODAN QUERIES

•   http://www.shodanhq.com/?q=cisco-IOS
•   http://www.shodanhq.com/?q=IIS+4.0
•   http://www.shodanhq.com/?q=Xerver
•   http://www.shodanhq.com/?q=Fuji+xerox
•   http://www.shodanhq.com/?q=JetDirect
•   http://www.shodanhq.com/?q=Netgear
•   http://www.shodanhq.com/?q=%22Anonymous+access+allowed%22
•   http://www.shodanhq.com/?q=Golden+FTP+Server
SHODAN QUERIES + combined country?
Awesome!

Saturday, 9th of June 2012
SHODAN QUERIES + combined country
port:3306 country:PT
SHODAN QUERIES + combined country?
Awesome!

Wednesday, 6th of June 2012
SHODAN QUERIES + combined country
BigIP country:PT
SHODAN QUERIES + combined country?
Awesome!

Tuesday, March 13, 2012
SHODAN QUERIES + combined country
port:3389 -allowed country:PT
SHODAN QUERIES + combined country?
Awesome!
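
How the combined queries above are built (filter:value pairs, free-text banner terms, and a leading "-" to exclude), shown as an added example that is not from the talk and is not Shodan's implementation. The record field names, the two supported filters and the sample banners are assumptions constructed for illustration; the same matching can be run over your own scan export to see what you expose.

```python
"""Simplified model of Shodan-style query matching over locally held banner records."""
import shlex

# Constructed sample records (documentation-range addresses, invented banners).
SAMPLE_BANNERS = [
    {"ip": "192.0.2.10", "port": 3306, "country": "PT", "data": "5.1.61-log MySQL"},
    {"ip": "192.0.2.11", "port": 3389, "country": "PT", "data": "Remote Desktop Protocol"},
    {"ip": "192.0.2.12", "port": 3389, "country": "PT", "data": "Connection not allowed"},
    {"ip": "198.51.100.7", "port": 3389, "country": "ES", "data": "Remote Desktop Protocol"},
    {"ip": "192.0.2.13", "port": 443, "country": "PT", "data": "HTTP/1.0 200 OK\r\nServer: BigIP"},
    {"ip": "192.0.2.14", "port": 21, "country": "PT", "data": "230 Anonymous access allowed"},
]

# Only the two filters used on the slides are modelled here (assumption).
FILTER_FIELDS = {"port", "country"}


def parse_query(query):
    """Split a query into (negated, kind, value) terms.

    kind is "port", "country" or "text"; a quoted phrase stays one text term.
    """
    terms = []
    for token in shlex.split(query):
        negated = token.startswith("-") and len(token) > 1
        if negated:
            token = token[1:]
        key, sep, value = token.partition(":")
        if sep and key.lower() in FILTER_FIELDS:
            if not value:
                # "port: 3306" (with a space) leaves the filter without a value.
                raise ValueError(f"filter {key!r} has no value; write {key.lower()}:VALUE")
            terms.append((negated, key.lower(), value))
        else:
            terms.append((negated, "text", token))
    return terms


def matches(banner, terms):
    """True when every positive term hits and no negated term hits."""
    for negated, kind, value in terms:
        if kind == "port":
            hit = str(banner["port"]) == value
        elif kind == "country":
            hit = banner["country"].upper() == value.upper()
        else:
            hit = value.lower() in banner["data"].lower()
        if hit == negated:
            return False
    return True


def search(banners, query):
    """Return the addresses of all records matching the query."""
    terms = parse_query(query)
    return [b["ip"] for b in banners if matches(b, terms)]


if __name__ == "__main__":
    for q in ("port:3306 country:PT", "BigIP country:PT", "port:3389 -allowed country:PT"):
        print(q, "->", search(SAMPLE_BANNERS, q))
```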
SHODAN QUERIES OF AWESOMENESS
SAP Web Application Server (ICM)
[Screenshots: Worldwide, Portugal]
SHODAN QUERIES OF AWESOMENESS
SAP NetWeaver Application Server
[Screenshots: Worldwide, Portugal]
SHODAN QUERIES OF AWESOMENESS
SAP Web Application Server
[Screenshots: Worldwide, Portugal]
SHODAN QUERIES OF AWESOMENESS
SAP J2EE Engine
[Screenshots: Worldwide, Portugal]
SHODAN QUERIES OF AWESOMENESS
port:23 country:PT
[Screenshots: Worldwide, Portugal]
SHODAN QUERIES OF AWESOMENESS
port:23 country:PT
Username:admin
Password:smcadmin
SHODAN QUERIES OF AWESOMENESS
port:23 list of built-in commands
[Screenshot: Worldwide]
Not a big number, however just telnet in and you get shell…
SHODAN QUERIES OF AWESOMENESS
port:161 country:PT
[Screenshots: Worldwide, Portugal]
SHODAN QUERIES OF AWESOMENESS
        What sort of info do I get with SNMP ?

•   Windows RUNNING PROCESSES 1.3.6.1.2.1.25.4.2.1.2
•   Windows INSTALLED SOFTWARE 1.3.6.1.2.1.25.6.3.1.2
•   Windows SYSTEM INFO 1.3.6.1.2.1.1.1
•   Windows HOSTNAME 1.3.6.1.2.1.1.5
•   Windows DOMAIN 1.3.6.1.4.1.77.1.4.1
•   Windows UPTIME 1.3.6.1.2.1.1.3
•   Windows USERS 1.3.6.1.4.1.77.1.2.25
•   Windows SHARES 1.3.6.1.4.1.77.1.2.27
•   Windows DISKS 1.3.6.1.2.1.25.2.3.1.3
•   Windows SERVICES 1.3.6.1.4.1.77.1.2.3.1.1
•   Windows LISTENING TCP PORTS 1.3.6.1.2.1.6.13.1.3.0.0.0.0
•   Windows LISTENING UDP PORTS 1.3.6.1.2.1.7.5.1.2.0.0.0.0
SHODAN QUERIES OF AWESOMENESS
        What sort of info do I get with SNMP ?

•   Linux RUNNING PROCESSES 1.3.6.1.2.1.25.4.2.1.2
•   Linux SYSTEM INFO 1.3.6.1.2.1.1.1
•   Linux HOSTNAME 1.3.6.1.2.1.1.5
•   Linux UPTIME 1.3.6.1.2.1.1.3
•   Linux MOUNTPOINTS 1.3.6.1.2.1.25.2.3.1.3
•   Linux RUNNING SOFTWARE PATHS 1.3.6.1.2.1.25.4.2.1.4
•   Linux LISTENING UDP PORTS 1.3.6.1.2.1.7.5.1.2.0.0.0.0
•   Linux LISTENING TCP PORTS 1.3.6.1.2.1.6.13.1.3.0.0.0.0
SHODAN QUERIES OF AWESOMENESS
        What sort of info do I get with SNMP ?
•   Cisco LAST TERMINAL USERS 1.3.6.1.4.1.9.9.43.1.1.6.1.8
•   Cisco INTERFACES 1.3.6.1.2.1.2.2.1.2
•   Cisco SYSTEM INFO 1.3.6.1.2.1.1.1
•   Cisco HOSTNAME 1.3.6.1.2.1.1.5
•   Cisco SNMP COMMUNITIES 1.3.6.1.6.3.12.1.3.1.4
•   Cisco UPTIME 1.3.6.1.2.1.1.3
•   Cisco IP ADDRESSES 1.3.6.1.2.1.4.20.1.1
•   Cisco INTERFACE DESCRIPTIONS 1.3.6.1.2.1.31.1.1.1.18
•   Cisco HARDWARE 1.3.6.1.2.1.47.1.1.1.1.2
•   Cisco TACACS SERVER 1.3.6.1.4.1.9.2.1.5
•   Cisco LOGMESSAGES 1.3.6.1.4.1.9.9.41.1.2.3.1.5
•   Cisco PROCESSES 1.3.6.1.4.1.9.9.109.1.2.1.1.2
•   Cisco SNMP TRAP SERVER 1.3.6.1.6.3.12.1.2.1.7
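
The OID lists above double as a watch list: a source that asks an agent for several of these subtrees in a short span is enumerating it rather than monitoring it. The following added example (not from the talk) matches requested OIDs against the slide's subtrees arc by arc and reports such sources; the log line format, the sample lines and the threshold of three categories are assumptions constructed for illustration.

```python
"""Flag SNMP clients that request several of the information-rich subtrees listed above."""
import re
from collections import defaultdict

# Subtree -> what it discloses, copied from the slide lists.
SENSITIVE_SUBTREES = {
    "1.3.6.1.2.1.25.4.2.1.2": "running processes",
    "1.3.6.1.2.1.25.4.2.1.4": "running software paths",
    "1.3.6.1.2.1.25.6.3.1.2": "installed software",
    "1.3.6.1.2.1.25.2.3.1.3": "disks and mountpoints",
    "1.3.6.1.2.1.1.1": "system info",
    "1.3.6.1.2.1.1.3": "uptime",
    "1.3.6.1.2.1.1.5": "hostname",
    "1.3.6.1.4.1.77.1.4.1": "domain",
    "1.3.6.1.4.1.77.1.2.25": "local users",
    "1.3.6.1.4.1.77.1.2.27": "shares",
    "1.3.6.1.4.1.77.1.2.3.1.1": "services",
    "1.3.6.1.2.1.6.13.1.3.0.0.0.0": "listening tcp ports",
    "1.3.6.1.2.1.7.5.1.2.0.0.0.0": "listening udp ports",
    "1.3.6.1.2.1.2.2.1.2": "interfaces",
    "1.3.6.1.2.1.4.20.1.1": "ip addresses",
    "1.3.6.1.2.1.31.1.1.1.18": "interface descriptions",
    "1.3.6.1.2.1.47.1.1.1.1.2": "hardware",
    "1.3.6.1.6.3.12.1.3.1.4": "snmp communities",
    "1.3.6.1.6.3.12.1.2.1.7": "snmp trap server",
    "1.3.6.1.4.1.9.2.1.5": "tacacs server",
    "1.3.6.1.4.1.9.9.43.1.1.6.1.8": "last terminal users",
    "1.3.6.1.4.1.9.9.41.1.2.3.1.5": "log messages",
    "1.3.6.1.4.1.9.9.109.1.2.1.1.2": "cisco processes",
}

_OID_RE = re.compile(r"\.?\d+(?:\.\d+)*", re.ASCII)
# Hypothetical log format: "<timestamp> src=<ip> community=<c> op=<op> oid=<oid>"
_LINE_RE = re.compile(r"src=(\S+)\s.*?\boid=(\S+)")


def parse_oid(text):
    """Turn '1.3.6.1' or '.1.3.6.1' into a tuple of integer arcs."""
    text = text.strip()
    if not _OID_RE.fullmatch(text):
        raise ValueError(f"not a numeric OID: {text!r}")
    return tuple(int(arc) for arc in text.lstrip(".").split("."))


# Longest prefixes first, so the most specific subtree wins.
_PREFIXES = sorted(
    ((parse_oid(oid), label) for oid, label in SENSITIVE_SUBTREES.items()),
    key=lambda item: len(item[0]),
    reverse=True,
)


def classify(oid_text):
    """Return the disclosure category for a requested OID, or None.

    Comparison is per arc: a string prefix test would wrongly treat
    1.3.6.1.2.1.1.10 as part of 1.3.6.1.2.1.1.1.
    """
    oid = parse_oid(oid_text)
    for prefix, label in _PREFIXES:
        if oid[:len(prefix)] == prefix:
            return label
    return None


def find_enumerators(lines, min_categories=3):
    """Map each source that touched >= min_categories categories to those categories."""
    seen = defaultdict(set)
    for line in lines:
        match = _LINE_RE.search(line)
        if not match:
            continue
        try:
            label = classify(match.group(2))
        except ValueError:
            continue  # malformed OID field, skip the line
        if label:
            seen[match.group(1)].add(label)
    return {src: sorted(cats) for src, cats in seen.items() if len(cats) >= min_categories}


# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = """\
2012-06-09T10:00:01Z src=203.0.113.5 community=public op=GETNEXT oid=.1.3.6.1.2.1.1.1.0
2012-06-09T10:00:01Z src=203.0.113.5 community=public op=GETNEXT oid=.1.3.6.1.2.1.25.4.2.1.2.1
2012-06-09T10:00:02Z src=203.0.113.5 community=public op=GETNEXT oid=.1.3.6.1.4.1.77.1.2.25.1.1
2012-06-09T10:00:02Z src=203.0.113.5 community=public op=GETNEXT oid=.1.3.6.1.2.1.25.6.3.1.2.7
2012-06-09T10:00:05Z src=192.0.2.50 community=monitoring op=GET oid=.1.3.6.1.2.1.1.3.0
2012-06-09T10:00:05Z src=192.0.2.50 community=monitoring op=GET oid=.1.3.6.1.4.1.9.2.1.56.0
2012-06-09T10:00:06Z src=192.0.2.50 community=monitoring op=GET oid=.1.3.6.1.2.1.1.10.0
""".splitlines()

if __name__ == "__main__":
    for src, cats in find_enumerators(SAMPLE_LOG).items():
        print(src, "requested:", ", ".join(cats))
```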
SHODAN QUERIES OF AWESOMENESS
cisco country:PT
[Screenshots: Worldwide, Portugal]
SHODAN QUERIES OF AWESOMENESS
cisco country:PT
Cisco
Cisco – GRE TUNNELING
SHODAN QUERIES OF AWESOMENESS
port:1900 country:PT
[Screenshots: Worldwide, Portugal]
SHODAN QUERIES OF AWESOMENESS
So, What is UPNP?
SHODAN QUERIES OF AWESOMENESS
So, What uses UPNP?
SHODAN QUERIES OF AWESOMENESS
Hackz
SHODAN QUERIES OF AWESOMENESS
UPNP zomg time
SHODAN QUERIES OF AWESOMENESS
UPNP Remote command execution
SHODAN QUERIES OF AWESOMENESS
Oh and by the way…
SHODAN QUERIES OF AWESOMENESS
Another funny thing about UPNP is
that you can get the MAC ADDR and
SSID it’s using

And then….
SHODAN (MORE INTERESTING) QUERIES
                            SCADA
•   http://www.shodanhq.com/?q=PLC
•   http://www.shodanhq.com/?q=allen+bradley
•   http://www.shodanhq.com/?q=fanuc
•   http://www.shodanhq.com/?q=Rockwell
•   http://www.shodanhq.com/?q=Cimplicity
•   http://www.shodanhq.com/?q=Omron
•   http://www.shodanhq.com/?q=Novatech
•   http://www.shodanhq.com/?q=Citect
•   http://www.shodanhq.com/?q=RTU
•   http://www.shodanhq.com/?q=Modbus+Bridge
•   http://www.shodanhq.com/?q=modicon
•   http://www.shodanhq.com/?q=bacnet
•   http://www.shodanhq.com/?q=telemetry+gateway
•   http://www.shodanhq.com/?q=SIMATIC
•   http://www.shodanhq.com/?q=hmi
•   http://www.shodanhq.com/?q=siemens+-...er+-Subscriber
•   http://www.shodanhq.com/?q=scada+RTS
•   http://www.shodanhq.com/?q=SCHNEIDER
SHODAN (MORE INTERESTING) QUERIES
             SCADA
           PORTUGAL?
SHODAN (MORE INTERESTING) QUERIES
          SCADA Portugal
A little tip…
If you want to quickly check for
stuff (web related) that has no
authentication, use NMAP!
A little tip…
First, let’s get wkhtmltoimage:

wget http://wkhtmltopdf.googlecode.com/files/wkhtmltoimage-0.11.0_rc1-static-i386.tar.bz2
tar -jxvf wkhtmltoimage-0.11.0_rc1-static-i386.tar.bz2
cp wkhtmltoimage-i386 /usr/local/bin/

Next, let’s get and install the Nmap module:
git clone https://github.com/SpiderLabs/Nmap-Tools.git
cd Nmap-Tools/NSE/
cp http-screenshot.nse /usr/local/share/nmap/scripts/
nmap --script-updatedb
A little tip…
Then, do your shodan search and use:

This automatically exports a list of IPs
u can import into nmap
A little tip…
Then…
A little tip…
And nmap will automatically take
screenshots of the first pages that
appear and store them, then u just
need to look at those!
To end…
SCARY SHIT!
DEFACE 1 SCARY?
NO!
SCARY SHIT!
DEFACE 2 SCARY?
Well… disturbing, scary? Not so much!
SCARY SHIT!
Shodan – the bad part

• Imports nmap scans from their
  servers, so it’s not always 100%
  updated! Confirmed this by
  correlating some of the shodan
  results with our personal results!
• For example on mysql servers,
  Shodan would find 785, where our
  results showed 3000+
Shodan – the good part


• Good querying system

• If port scanning is illegal in your
  country, you’re out of trouble if
  u use shodan, because ur just
  querying data acquired by them.
Kudos

    GF
Aaron @f1nux
Luis Grangeia
Resources
http://secanalysis.com/interesting-shodan-searches/
blog.spiderlabs.com/2012/06/using-nmap-to-screenshot-web-services.html
http://www.youtube.com/watch?v=LPgZU7ZNIjQ - Defcon 18 2010 SHODAN for Penetration Testers Michael Schearer
50% discount for
students and AP2SI
peeps

The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 

Country domination - Causing chaos and wrecking havoc

  • 2. Who Am I ? • Tiago Henriques • @balgan • 24 • BSc • MSc • CEH • CHFI • CISSP • MCSA • CISA • CISM • CPT • CCNA Team Leader of these guise. Currently employed by these guise.
  • 3. What will we talk about today?
  • 4. I AM NOT RESPONSIBLE FOR ANY ILLEGAL ACTS OR ACTIONS THAT YOU PRACTICE OR ANYONE THAT LEARNS SOMETHING FROM TODAY’S PRESENTATION.
  • 5. Causing Chaos. If you guys were an attacker that was out to cause real damage or get profit, how would you go about it ? This is what I would do, control as many machines in that country, penetrate critical systems and get as much info as possible. And that’s what I am gonna talk about today.
  • 6. Business When a client asks for a pentest We present them with these
  • 10. Business And that’s all really neat and pretty, however there are 2 problems with that! These guys don’t give a f***. Management Blackhats
  • 11. Management Cares about: • Money • Money • Money Does: • Will lie for PCI DSS • Approves every single thing even if it doesn’t match security department goals but gets them moneys. This shit gives us, security peeps, headaches!
  • 12. Blackhats I managed to acquire video footage that shows these guys in action and their vision of the world, let’s have a sneak peek!
  • 14. Tonight only, I ask one thing of u Leave your whitehats and CISSPs at home, and embark on a journey with me to make the world…
  • 15. SHODAN SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners. Another way of putting it would be:
  • 17. Now combine this: With these:
  • 18. And you get a lot of these
  • 19. Also if you do anything illegal and get caught, you’ll get one of these:
  • 22. SHODAN Accessing that website will give u a bar, where you can type queries and obtain results. Your queries can ask for ports, countries, strings contained in the banners, and all sorts of other things. Following is a sample set of queries that can lead to some interesting results:
  • 23. SHODAN QUERIES • http://www.shodanhq.com/?q=cisco-IOS • http://www.shodanhq.com/?q=IIS+4.0 • http://www.shodanhq.com/?q=Xerver • http://www.shodanhq.com/?q=Fuji+xerox • http://www.shodanhq.com/?q=JetDirect • http://www.shodanhq.com/?q=Netgear • http://www.shodanhq.com/?q=%22Anonymous+access+allowed%22 • http://www.shodanhq.com/?q=Golden+FTP+Server
  • 24. SHODAN QUERIES + combined country? Awesome! Saturday, 9th of June 2012
  • 25. SHODAN QUERIES + combined country Port: 3306 country:PT
  • 26. SHODAN QUERIES + combined country? Awesome! Wednesday, 6th of June 2012
  • 27. SHODAN QUERIES + combined country BigIP country:PT
  • 28. SHODAN QUERIES + combined country? Awesome! Tuesday, March 13, 2012
  • 29. SHODAN QUERIES + combined country port:3389 -allowed country:PT
  • 30. SHODAN QUERIES + combined country? Awesome!
  • 31. SHODAN QUERIES OF AWESOMENESS SAP Web Application Server (ICM) Worldwide Portugal
  • 32. SHODAN QUERIES OF AWESOMENESS SAP NetWeaver Application Server Worldwide Portugal
  • 33. SHODAN QUERIES OF AWESOMENESS SAP Web Application Server Worldwide Portugal
  • 34. SHODAN QUERIES OF AWESOMENESS SAP J2EE Engine Worldwide Portugal
  • 35. SHODAN QUERIES OF AWESOMENESS
  • 36. SHODAN QUERIES OF AWESOMENESS port:23 country:PT Worldwide Portugal
  • 37. SHODAN QUERIES OF AWESOMENESS port:23 country:PT Username:admin Password:smcadmin
  • 38. SHODAN QUERIES OF AWESOMENESS port:23 list of built-in commands Worldwide Not a big number, however just telnet in and you get shell…
  • 39. SHODAN QUERIES OF AWESOMENESS port:161 country:PT Worldwide Portugal
  • 40. SHODAN QUERIES OF AWESOMENESS What sort of info do I get with SNMP ? • Windows RUNNING PROCESSES 1.3.6.1.2.1.25.4.2.1.2 • Windows INSTALLED SOFTWARE 1.3.6.1.2.1.25.6.3.1.2 • Windows SYSTEM INFO 1.3.6.1.2.1.1.1 • Windows HOSTNAME 1.3.6.1.2.1.1.5 • Windows DOMAIN 1.3.6.1.4.1.77.1.4.1 • Windows UPTIME 1.3.6.1.2.1.1.3 • Windows USERS 1.3.6.1.4.1.77.1.2.25 • Windows SHARES 1.3.6.1.4.1.77.1.2.27 • Windows DISKS 1.3.6.1.2.1.25.2.3.1.3 • Windows SERVICES 1.3.6.1.4.1.77.1.2.3.1.1 • Windows LISTENING TCP PORTS 1.3.6.1.2.1.6.13.1.3.0.0.0.0 • Windows LISTENING UDP PORTS 1.3.6.1.2.1.7.5.1.2.0.0.0.0
  • 41. SHODAN QUERIES OF AWESOMENESS What sort of info do I get with SNMP ? • Linux RUNNING PROCESSES 1.3.6.1.2.1.25.4.2.1.2 • Linux SYSTEM INFO 1.3.6.1.2.1.1.1 • Linux HOSTNAME 1.3.6.1.2.1.1.5 • Linux UPTIME 1.3.6.1.2.1.1.3 • Linux MOUNTPOINTS 1.3.6.1.2.1.25.2.3.1.3 • Linux RUNNING SOFTWARE PATHS 1.3.6.1.2.1.25.4.2.1.4 • Linux LISTENING UDP PORTS 1.3.6.1.2.1.7.5.1.2.0.0.0.0 • Linux LISTENING TCP PORTS 1.3.6.1.2.1.6.13.1.3.0.0.0.0
  • 42. SHODAN QUERIES OF AWESOMENESS What sort of info do I get with SNMP ? • Cisco LAST TERMINAL USERS 1.3.6.1.4.1.9.9.43.1.1.6.1.8 • Cisco INTERFACES 1.3.6.1.2.1.2.2.1.2 • Cisco SYSTEM INFO 1.3.6.1.2.1.1.1 • Cisco HOSTNAME 1.3.6.1.2.1.1.5 • Cisco SNMPcommunities 1.3.6.1.6.3.12.1.3.1.4 • Cisco UPTIME 1.3.6.1.2.1.1.3 • Cisco IP ADDRESSES 1.3.6.1.2.1.4.20.1.1 • Cisco INTERFACE DESCRIPTIONS 1.3.6.1.2.1.31.1.1.1.18 • Cisco HARDWARE 1.3.6.1.2.1.47.1.1.1.1.2 • Cisco TACACS SERVER 1.3.6.1.4.1.9.2.1.5 • Cisco LOGMESSAGES 1.3.6.1.4.1.9.9.41.1.2.3.1.5 • Cisco PROCESSES 1.3.6.1.4.1.9.9.109.1.2.1.1.2 • Cisco SNMP TRAP SERVER 1.3.6.1.6.3.12.1.2.1.7
  • 43. SHODAN QUERIES OF AWESOMENESS
  • 44. SHODAN QUERIES OF AWESOMENESS cisco country:PT Worldwide Portugal
  • 45. SHODAN QUERIES OF AWESOMENESS cisco country:PT
  • 46. Cisco
  • 47. Cisco – GRE TUNNELING
  • 48. SHODAN QUERIES OF AWESOMENESS port:1900 country:PT Worldwide Portugal
  • 49. SHODAN QUERIES OF AWESOMENESS So, What is UPNP?
  • 50. SHODAN QUERIES OF AWESOMENESS So, What uses UPNP?
  • 51. SHODAN QUERIES OF AWESOMENESS Hackz
  • 52. SHODAN QUERIES OF AWESOMENESS Hackz
  • 53. SHODAN QUERIES OF AWESOMENESS UPNP zomg time
  • 54. SHODAN QUERIES OF AWESOMENESS UPNP Remote command execution
  • 55. SHODAN QUERIES OF AWESOMENESS Oh and by the way…
  • 56. SHODAN QUERIES OF AWESOMENESS Another funny thing about UPNP is that you can get the MAC ADDR and SSID it’s using. And then….
  • 57. SHODAN (MORE INTERESTING) QUERIES SCADA • http://www.shodanhq.com/?q=PLC • http://www.shodanhq.com/?q=allen+bradley • http://www.shodanhq.com/?q=fanuc • http://www.shodanhq.com/?q=Rockwell • http://www.shodanhq.com/?q=Cimplicity • http://www.shodanhq.com/?q=Omron • http://www.shodanhq.com/?q=Novatech • http://www.shodanhq.com/?q=Citect • http://www.shodanhq.com/?q=RTU • http://www.shodanhq.com/?q=Modbus+Bridge • http://www.shodanhq.com/?q=modicon • http://www.shodanhq.com/?q=bacnet • http://www.shodanhq.com/?q=telemetry+gateway • http://www.shodanhq.com/?q=SIMATIC • http://www.shodanhq.com/?q=hmi • http://www.shodanhq.com/?q=siemens+-...er+-Subscriber • http://www.shodanhq.com/?q=scada+RTS • http://www.shodanhq.com/?q=SCHNEIDER
  • 58. SHODAN (MORE INTERESTING) QUERIES SCADA PORTUGAL?
  • 59. SHODAN (MORE INTERESTING) QUERIES SCADA Portugal
  • 60. SHODAN (MORE INTERESTING) QUERIES SCADA Portugal
  • 61. SHODAN (MORE INTERESTING) QUERIES SCADA Portugal
  • 62. SHODAN (MORE INTERESTING) QUERIES SCADA Portugal
  • 63. A little tip… If you want to quickly check for stuff (web related) that has no authentication, use NMAP!
  • 64. A little tip… First, let’s get wkhtmltoimage:
        wget http://wkhtmltopdf.googlecode.com/files/wkhtmltoimage-0.11.0_rc1-static-i386.tar.bz2
        tar -jxvf wkhtmltoimage-0.11.0_rc1-static-i386.tar.bz2
        cp wkhtmltoimage-i386 /usr/local/bin/
    Next, let’s get and install the Nmap module:
        git clone git://github.com/SpiderLabs/Nmap-Tools.git
        cd Nmap-Tools/NSE/
        cp http-screenshot.nse /usr/local/share/nmap/scripts/
        nmap --script-updatedb
  • 65. A little tip… Then, do your shodan search and use: This automatically exports a list of ips u can import into nmap
  • 67. A little tip… And nmap, will automatically take screen shots of the first pages that appear and store them, then u just need to look at those!
  • 69. SCARY SHIT! DEFACE 1 SCARY? NO!
  • 70. SCARY SHIT! DEFACE 2 SCARY? Well… disturbing, scary? Not so much!
  • 74. Shodan – the bad part • Imports nmap scans from their servers, so it’s not always 100% updated! Confirmed this by correlating some of the shodan results with our personal results! • For example on mysql servers, Shodan would find 785, where our results showed 3000+
  • 75. Shodan – the good part • Good querying system • If port scanning is illegal in your country, you’re out of trouble if u use shodan, because ur just querying data acquired by them.
  • 76. Kudos GF Aaron @f1nux Luis Grangeia
  • 77. Resources • http://secanalysis.com/interesting-shodan-searches/ • blog.spiderlabs.com/2012/06/using-nmap-to-screenshot-web-services.html • http://www.youtube.com/watch?v=LPgZU7ZNIjQ - Defcon 18 2010 SHODAN for Penetration Testers Michael Schearer
  • 78. 50% discount for students and AP2SI peeps
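Slides 40 to 42 list the OIDs an open SNMP agent will answer for. As an added example (not part of the deck), this Python sketch audits a Net-SNMP snmpd.conf for communities reachable from any source and reports which of those slide-listed OIDs each one exposes. The sample configs, the community names and the simplified view matching (masks ignored) are assumptions.

```python
import ipaddress

# OIDs copied from slides 40-42 (label -> OID).
SLIDE_OIDS = {
    "running processes": "1.3.6.1.2.1.25.4.2.1.2",
    "installed software": "1.3.6.1.2.1.25.6.3.1.2",
    "system info": "1.3.6.1.2.1.1.1",
    "hostname": "1.3.6.1.2.1.1.5",
    "listening TCP ports": "1.3.6.1.2.1.6.13.1.3.0.0.0.0",
    "Windows users": "1.3.6.1.4.1.77.1.2.25",
    "Cisco SNMP communities": "1.3.6.1.6.3.12.1.3.1.4",
}
# Constructed snmpd.conf samples (Net-SNMP syntax); community names are made up.
WEAK_CONF = "rocommunity public default\n"
SCOPED_CONF = """view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
rocommunity public default -V systemonly
rocommunity m0n1t0r 10.20.0.0/16   # restricted source, full tree
"""

def oid_tuple(oid):
    return tuple(int(p) for p in oid.strip(".").split("."))

def world_reachable(source):
    """True when the community accepts requests from any address."""
    if source == "default":
        return True
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False  # hostname source: treated as restricted

def visible(oid, entries):
    """Longest matching subtree wins; view masks are ignored (assumption)."""
    o = oid_tuple(oid)
    hits = [(len(oid_tuple(s)), kind) for kind, s in entries
            if o[:len(oid_tuple(s))] == oid_tuple(s)]
    return bool(hits) and max(hits)[1] == "included"

def audit(conf):
    """Map each world-reachable community to the slide OIDs it exposes."""
    views, findings = {}, {}
    lines = [l.split("#", 1)[0].split() for l in conf.splitlines()]
    for t in (t for t in lines if t and t[0] == "view" and len(t) >= 4):
        views.setdefault(t[1], []).append((t[2], t[3]))
    for t in (t for t in lines if t and t[0] in ("rocommunity", "rwcommunity")):
        source = t[2] if len(t) > 2 else "default"
        if len(t) < 2 or not world_reachable(source):
            continue
        if len(t) > 4 and t[3] == "-V":
            entries = views.get(t[4], [])
        else:  # optional OID argument restricts to one subtree
            entries = [("included", t[3] if len(t) > 3 else ".1")]
        findings[t[1]] = sorted(k for k, v in SLIDE_OIDS.items()
                                if visible(v, entries))
    return findings
```

An empty result from `audit()` means no community in the file is both reachable from any address and able to read the listed OIDs; a community scoped to a restricted view still leaks system info and hostname.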

Editor's Notes

  1. http://www.youtube.com/watch?v=WUhOnX8qt3I
  2. http://www.shodanhq.com/?q=Xerver (REF: http://www.exploit-db.com/exploits/9718) http://www.shodanhq.com/?q=Golden+FTP+Server (REF: http://www.exploit-db.com/exploits/10258)
  3. https://community.rapid7.com/community/metasploit/blog/2012/06/11/scanning-for-vulnerable-f5-bigips-with-metasploit https://community.rapid7.com/community/metasploit/blog/2012/06/25/press-f5-for-root-shell
  4. SAP applications provide the capability to manage financial, asset, and cost accounting, production operations and materials, personnel, plants, and archived documents.
  5. SNMP
  6. Source: http://opasylum.net/WikiTreason/pentest/scanners/snmp/snmpenum/windows.txt
  7. Source: http://opasylum.net/WikiTreason/pentest/scanners/snmp/snmpenum/windows.txt
  8. Source: http://opasylum.net/WikiTreason/pentest/scanners/snmp/snmpenum/windows.txt
  9. SNMP
  10. SNMP
  11. SNMP
  12. SNMP
  13. SNMP
  14. UPNP
  15. UPNP
  16. Explain FIREWALL THINGIE
  17. UPNP
  18. UPNP
  19. UPNP
  20. UPNP
  21. UPNP
  22. UPNP
  23. Source: http://blog.spiderlabs.com/2012/06/using-nmap-to-screenshot-web-services.html
  24. Source: http://blog.spiderlabs.com/2012/06/using-nmap-to-screenshot-web-services.html
  25. Source: http://blog.spiderlabs.com/2012/06/using-nmap-to-screenshot-web-services.html
  26. Source: http://blog.spiderlabs.com/2012/06/using-nmap-to-screenshot-web-services.html
  27. SNMP
  28. SNMP
  29. SNMP
  30. SNMP
  31. SNMP
  32. SNMP
  33. SNMP