SlideShare uma empresa Scribd logo

Mere Paas Teensy Hai (Nikhil Mittal)

ClubHack
ClubHack

ClubHack 2011 Hacking and Security Conference. Talk - Mere Pass Teensy Hai Speaker - Nikhil MIttal

Tecnologia
1 de 46
Baixar para ler offline
MERE PAAS TEENSY HAI OR COMPROMISING A HIGHLY SECURE ENVIRONMENT PART 2 Nikhil Mittal (SamratAshok)
ABOUT ME  SamratAshok  Twitter - @nikhil_mitt  Penetration Tester with PwC India  I am interested in Offensive Information Security, new attack vectors and methodologies to pwn systems.  Creator of Kautilya and Maareech  Previous Talks  Ultimate Pen Testing: Compromising a highly secure environment Clubhack’10  Here are your Keystrokes Hackfest’11  Upcoming Talks  Kautilya: Teensy beyond shell Blackhat Abu Dhabi’11
OVERVIEW  Why the Title?  Current State of Pentesting  Questions being raised to us  The answer to the questions  What’s done  What we will do  Limitations  Future  Conclusion
WHY THE TITLE?  What I Told to the ClubHack team:  I talked about compromising a highly secure environment last year, let’s continue with the pwnage!!  Thanks to the team for buying that and allowing me to speak.  The real reason:
A TYPICAL PEN TEST SCENARIO  A client engagement comes with IP addresses.  We need to complete the assignment in very restrictive time frame.  Pressure is on us to deliver a “good” report with some high severity findings. (That “High” return inside a red colored box)
CURRENT STATE OF PENTESTING Vuln Exploit Report Scan
 This is a best case scenario.  Only lucky ones find that.  Generally legacy Enterprise Applications or Business Critical applications are not upgraded.  There is almost no fun doing it that way.
SOME OF US DO IT BETTER Enum Scan Exploit Report
SOME OF US DO IT EVEN BETTER Enum Post + Scan Exploit Report Exp Intel
WHY DO WE NEED TO EXPLOIT?  To gain access to the systems.  This shows the real threat to clients that we can actually make an impact on their business. No more “so-what”   We can create reports with “High” Severity findings.  <Audience>  <Audience>
WHAT DO WE EXPLOIT?  Memory Corruption bugs.  Server side  Client Side  Humans  Mis-configurations  Design Problems  <Audience>  <Audience>
QUESTIONS BEING RAISED TO US  Many times we get some vulnerabilities but can’t exploit.  No public exploits available.  Not allowed on the system.  Countermeasure blocking it.  Exploit completed but no session was generated :P Kya hai tumhare paas?
QUESTIONS BEING RAISED TO US  Hardened Systems  Patches in place  Countermeasures blocking scans and exploits  Security incident monitoring and blocking Kya hai tumhare paas?
QUESTIONS BEING RAISED TO US  Just a bad day.  Exploit completed but no session was generated :P Kya hai tumhare paas?
ALTERNATIVES  Open file shares.  Sticky slips.  Social Engineering attacks.  Man In The Middle (many types)  SMB Relay  <Audience>  <Audience>
THE ANSWER TO THE QUESTIONS TEENSY  A USB Micro-controller device.  We will use Teensy ++ which is a newer version of Teensy.  Available for $24 from pjrc.com Mere paas Teensy hai
USING TEENSY  Find an unattended system and insert the teensy device in USB port.  Fool your victim by disguising it as a mouse, USB toy, Thumb drive etc.  Generally Teensy needs just a minute to complete the job.  You can program it according to your needs.  Undetected and unblocked, Teensy works great for popping shells.
WHAT’S DONE  Arduino-Based attack vector in Social Engineering Toolkit by David Kennedy  Contains some really awesome payloads.  Almost all payloads are for popping shells.
WHAT WE WILL DO  Teensy can be used for much more than popping shells.  It can be used to perform pre and post exploitation.  We will have a detailed look at some of these payloads and will understand how to create payloads as per our needs.
DESCRIPTION OF PAYLOADS  More for Windows as desktops are generally based on Windows.  Payloads vary from one line commands to powerful scripts.  If you know powershell scripting, payloads will make more sense and will be easier to customize.
DEMO
WINDOWS USER ADD
THANK YOU
DEFAULT DNS
EDIT HOSTS FILE
ENABLE RDP
BUT  What if even Teensy doesn’t work? With other options not working already?  If USB ports are ripped off?  Would it be impossible to pwn such environment?
ENABLE TELNET
FORCEFUL BROWSING
DOWNLOAD AND EXECUTE
SETHC AND UTILMAN BACKDOOR
UNINSTALL APPLICATION
REGISTRY EXPORT
TWEET
HASHDUMP
CODE EXECUTION
KEYLOGGING
LIMITATIONS  Limited storage in Teensy. Resolved if you attach a SD card with Teensy.  Inability to “read” from the system. You have to assume the responses of victim OS and there is only one way traffic.
FUTURE  Kautilya  Improvement in current payloads.  New payloads for non-traditional shells.  Dropping executables using additional storage (already done).
CONCLUSION  If used wisely Teensy can be used as a complete penetration testing device though with its own limitations.  It’s a cheap device so use it.  Please use Kautilya and give feedback after it is released. Mere paas Teensy hai
THANK YOU  Questions?  Insults?  Feedback?

Recomendados

10 Reasons Why You Fix Bugs As Soon As You Find Them
10 Reasons Why You Fix Bugs As Soon As You Find Them10 Reasons Why You Fix Bugs As Soon As You Find Them
10 Reasons Why You Fix Bugs As Soon As You Find ThemRosie Sherry
 
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...Adrian Sanabria
 
Security - The WLF Principle
Security - The WLF PrincipleSecurity - The WLF Principle
Security - The WLF PrincipleMarco Gralike
 
Derby con 2014
Derby con 2014Derby con 2014
Derby con 2014TonikJDK
 
Testing web security security of web sites and applications
Testing web security security of web sites and applicationsTesting web security security of web sites and applications
Testing web security security of web sites and applicationsHuong Muoi
 
Silver Lining for Miles: DevOps for Building Security Solutions
Silver Lining for Miles: DevOps for Building Security SolutionsSilver Lining for Miles: DevOps for Building Security Solutions
Silver Lining for Miles: DevOps for Building Security SolutionsSeniorStoryteller
 
How to prevent a laptop crash
How to prevent a laptop crashHow to prevent a laptop crash
How to prevent a laptop crashShae
 
Sai devops - the art of being specializing generalist
Sai devops - the art of being specializing generalistSai devops - the art of being specializing generalist
Sai devops - the art of being specializing generalistOdd-e
 

Recomendados

10 Reasons Why You Fix Bugs As Soon As You Find Them
10 Reasons Why You Fix Bugs As Soon As You Find Them10 Reasons Why You Fix Bugs As Soon As You Find Them
10 Reasons Why You Fix Bugs As Soon As You Find ThemRosie Sherry
 
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...Adrian Sanabria
 
Security - The WLF Principle
Security - The WLF PrincipleSecurity - The WLF Principle
Security - The WLF PrincipleMarco Gralike
 
Derby con 2014
Derby con 2014Derby con 2014
Derby con 2014TonikJDK
 
Testing web security security of web sites and applications
Testing web security security of web sites and applicationsTesting web security security of web sites and applications
Testing web security security of web sites and applicationsHuong Muoi
 
Silver Lining for Miles: DevOps for Building Security Solutions
Silver Lining for Miles: DevOps for Building Security SolutionsSilver Lining for Miles: DevOps for Building Security Solutions
Silver Lining for Miles: DevOps for Building Security SolutionsSeniorStoryteller
 
How to prevent a laptop crash
How to prevent a laptop crashHow to prevent a laptop crash
How to prevent a laptop crashShae
 
Sai devops - the art of being specializing generalist
Sai devops - the art of being specializing generalistSai devops - the art of being specializing generalist
Sai devops - the art of being specializing generalistOdd-e
 
Security Theatre - PHP UK Conference
Security Theatre - PHP UK ConferenceSecurity Theatre - PHP UK Conference
Security Theatre - PHP UK Conferencexsist10
 
Security Theatre - Benelux
Security Theatre - BeneluxSecurity Theatre - Benelux
Security Theatre - Beneluxxsist10
 
The complete-guide-to-home-computer-maintenance
The complete-guide-to-home-computer-maintenanceThe complete-guide-to-home-computer-maintenance
The complete-guide-to-home-computer-maintenanceeyob eshetu
 
Protecting Data in Untrusted Locations
Protecting Data in Untrusted LocationsProtecting Data in Untrusted Locations
Protecting Data in Untrusted LocationsJan Schaumann
 
Practical Exploitation - Webappy Style
Practical Exploitation - Webappy StylePractical Exploitation - Webappy Style
Practical Exploitation - Webappy StyleRob Fuller
 
Software Entomology or Where Do Bugs Come From?
Software Entomology or Where Do Bugs Come From?Software Entomology or Where Do Bugs Come From?
Software Entomology or Where Do Bugs Come From?Noah Sussman
 
CS5032 Lecture 2: Failure
CS5032 Lecture 2: FailureCS5032 Lecture 2: Failure
CS5032 Lecture 2: FailureJohn Rooksby
 
Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Rob Fuller
 
App locker
App lockerApp locker
App lockerConcentrated Technology
 
Macintosh Myths
Macintosh MythsMacintosh Myths
Macintosh Mythsjaberg
 
Basic computer and RAM troubleshooting
Basic computer and RAM troubleshootingBasic computer and RAM troubleshooting
Basic computer and RAM troubleshootingLeah Gonzales
 
avast 7.0.1474 license key
avast 7.0.1474 license keyavast 7.0.1474 license key
avast 7.0.1474 license keyHayWhitfield72
 
Observability for Emerging Infra (what got you here won't get you there)
Observability for Emerging Infra (what got you here won't get you there)Observability for Emerging Infra (what got you here won't get you there)
Observability for Emerging Infra (what got you here won't get you there)Charity Majors
 
So you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howSo you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howJoe McCray
 
Unmasking or De-Anonymizing You
Unmasking or De-Anonymizing YouUnmasking or De-Anonymizing You
Unmasking or De-Anonymizing YouE Hacking
 
AEPWP09292016
AEPWP09292016AEPWP09292016
AEPWP09292016Demi Washington
 
Getting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking CompetitionGetting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking CompetitionJoe McCray
 
Defense at Scale
Defense at ScaleDefense at Scale
Defense at ScaleJan Schaumann
 
Building a low cost hack lab
Building a low cost hack labBuilding a low cost hack lab
Building a low cost hack labJoe McCray
 
Amish Umesh - Future Of Web App Testing - ClubHack2007
Amish Umesh - Future Of Web App Testing - ClubHack2007Amish Umesh - Future Of Web App Testing - ClubHack2007
Amish Umesh - Future Of Web App Testing - ClubHack2007ClubHack
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathClubHack
 
One link Facebook (Anand Pandey)
One link Facebook (Anand Pandey)One link Facebook (Anand Pandey)
One link Facebook (Anand Pandey)ClubHack
 

Mais conteúdo relacionado

Mais procurados

Security Theatre - PHP UK Conference
Security Theatre - PHP UK ConferenceSecurity Theatre - PHP UK Conference
Security Theatre - PHP UK Conferencexsist10
 
Security Theatre - Benelux
Security Theatre - BeneluxSecurity Theatre - Benelux
Security Theatre - Beneluxxsist10
 
The complete-guide-to-home-computer-maintenance
The complete-guide-to-home-computer-maintenanceThe complete-guide-to-home-computer-maintenance
The complete-guide-to-home-computer-maintenanceeyob eshetu
 
Protecting Data in Untrusted Locations
Protecting Data in Untrusted LocationsProtecting Data in Untrusted Locations
Protecting Data in Untrusted LocationsJan Schaumann
 
Practical Exploitation - Webappy Style
Practical Exploitation - Webappy StylePractical Exploitation - Webappy Style
Practical Exploitation - Webappy StyleRob Fuller
 
Software Entomology or Where Do Bugs Come From?
Software Entomology or Where Do Bugs Come From?Software Entomology or Where Do Bugs Come From?
Software Entomology or Where Do Bugs Come From?Noah Sussman
 
CS5032 Lecture 2: Failure
CS5032 Lecture 2: FailureCS5032 Lecture 2: Failure
CS5032 Lecture 2: FailureJohn Rooksby
 
Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Rob Fuller
 
Macintosh Myths
Macintosh MythsMacintosh Myths
Macintosh Mythsjaberg
 
Basic computer and RAM troubleshooting
Basic computer and RAM troubleshootingBasic computer and RAM troubleshooting
Basic computer and RAM troubleshootingLeah Gonzales
 
avast 7.0.1474 license key
avast 7.0.1474 license keyavast 7.0.1474 license key
avast 7.0.1474 license keyHayWhitfield72
 
Observability for Emerging Infra (what got you here won't get you there)
Observability for Emerging Infra (what got you here won't get you there)Observability for Emerging Infra (what got you here won't get you there)
Observability for Emerging Infra (what got you here won't get you there)Charity Majors
 
So you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howSo you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howJoe McCray
 
Unmasking or De-Anonymizing You
Unmasking or De-Anonymizing YouUnmasking or De-Anonymizing You
Unmasking or De-Anonymizing YouE Hacking
 
Getting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking CompetitionGetting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking CompetitionJoe McCray
 
Building a low cost hack lab
Building a low cost hack labBuilding a low cost hack lab
Building a low cost hack labJoe McCray
 

Mais procurados (19)

Security Theatre - PHP UK Conference
Security Theatre - PHP UK ConferenceSecurity Theatre - PHP UK Conference
Security Theatre - PHP UK Conference
 
Security Theatre - Benelux
Security Theatre - BeneluxSecurity Theatre - Benelux
Security Theatre - Benelux
 
The complete-guide-to-home-computer-maintenance
The complete-guide-to-home-computer-maintenanceThe complete-guide-to-home-computer-maintenance
The complete-guide-to-home-computer-maintenance
 
Protecting Data in Untrusted Locations
Protecting Data in Untrusted LocationsProtecting Data in Untrusted Locations
Protecting Data in Untrusted Locations
 
Practical Exploitation - Webappy Style
Practical Exploitation - Webappy StylePractical Exploitation - Webappy Style
Practical Exploitation - Webappy Style
 
Software Entomology or Where Do Bugs Come From?
Software Entomology or Where Do Bugs Come From?Software Entomology or Where Do Bugs Come From?
Software Entomology or Where Do Bugs Come From?
 
CS5032 Lecture 2: Failure
CS5032 Lecture 2: FailureCS5032 Lecture 2: Failure
CS5032 Lecture 2: Failure
 
Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014
 
App locker
App lockerApp locker
App locker
 
Macintosh Myths
Macintosh MythsMacintosh Myths
Macintosh Myths
 
Basic computer and RAM troubleshooting
Basic computer and RAM troubleshootingBasic computer and RAM troubleshooting
Basic computer and RAM troubleshooting
 
avast 7.0.1474 license key
avast 7.0.1474 license keyavast 7.0.1474 license key
avast 7.0.1474 license key
 
Observability for Emerging Infra (what got you here won't get you there)
Observability for Emerging Infra (what got you here won't get you there)Observability for Emerging Infra (what got you here won't get you there)
Observability for Emerging Infra (what got you here won't get you there)
 
So you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howSo you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you how
 
Unmasking or De-Anonymizing You
Unmasking or De-Anonymizing YouUnmasking or De-Anonymizing You
Unmasking or De-Anonymizing You
 
AEPWP09292016
AEPWP09292016AEPWP09292016
AEPWP09292016
 
Getting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking CompetitionGetting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking Competition
 
Defense at Scale
Defense at ScaleDefense at Scale
Defense at Scale
 
Building a low cost hack lab
Building a low cost hack labBuilding a low cost hack lab
Building a low cost hack lab
 

Destaque

Amish Umesh - Future Of Web App Testing - ClubHack2007
Amish Umesh - Future Of Web App Testing - ClubHack2007Amish Umesh - Future Of Web App Testing - ClubHack2007
Amish Umesh - Future Of Web App Testing - ClubHack2007ClubHack
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathClubHack
 
One link Facebook (Anand Pandey)
One link Facebook (Anand Pandey)One link Facebook (Anand Pandey)
One link Facebook (Anand Pandey)ClubHack
 
Implementing Agile Marketing at e-FOOD.gr
Implementing Agile Marketing at e-FOOD.grImplementing Agile Marketing at e-FOOD.gr
Implementing Agile Marketing at e-FOOD.grGeorge Giannakeas
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianClubHack
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleClubHack
 
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)ClubHack
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
Development of National Cybersecurity Strategy and Organisation
Development of National Cybersecurity Strategy and OrganisationDevelopment of National Cybersecurity Strategy and Organisation
Development of National Cybersecurity Strategy and OrganisationDr David Probert
 
Osint overview 26 mar 2015
Osint overview 26 mar 2015Osint overview 26 mar 2015
Osint overview 26 mar 2015Mats Björe
 
IA/UX Spy School
IA/UX Spy SchoolIA/UX Spy School
IA/UX Spy SchoolJoe Dyer
 
Competitive Intelligence Analysis
Competitive Intelligence AnalysisCompetitive Intelligence Analysis
Competitive Intelligence AnalysisGeorge Giannakeas
 
How Internal Human Intelligence Networks (HUMINT) Develop External Primary So...
How Internal Human Intelligence Networks (HUMINT) Develop External Primary So...How Internal Human Intelligence Networks (HUMINT) Develop External Primary So...
How Internal Human Intelligence Networks (HUMINT) Develop External Primary So...IntelCollab.com
 
India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014ClubHack
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
Open Source Intelligence (OSINT)
Open Source Intelligence (OSINT)Open Source Intelligence (OSINT)
Open Source Intelligence (OSINT)festival ICT 2016
 
COMPETITIVE INTELLIGENCE
COMPETITIVE INTELLIGENCECOMPETITIVE INTELLIGENCE
COMPETITIVE INTELLIGENCERobbySahoo
 
Shreeraj - Hacking Web 2 0 - ClubHack2007
Shreeraj - Hacking Web 2 0 - ClubHack2007Shreeraj - Hacking Web 2 0 - ClubHack2007
Shreeraj - Hacking Web 2 0 - ClubHack2007ClubHack
 

Destaque (20)

Amish Umesh - Future Of Web App Testing - ClubHack2007
Amish Umesh - Future Of Web App Testing - ClubHack2007Amish Umesh - Future Of Web App Testing - ClubHack2007
Amish Umesh - Future Of Web App Testing - ClubHack2007
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
 
One link Facebook (Anand Pandey)
One link Facebook (Anand Pandey)One link Facebook (Anand Pandey)
One link Facebook (Anand Pandey)
 
Implementing Agile Marketing at e-FOOD.gr
Implementing Agile Marketing at e-FOOD.grImplementing Agile Marketing at e-FOOD.gr
Implementing Agile Marketing at e-FOOD.gr
 
HUMINT Analysis Resume
HUMINT Analysis ResumeHUMINT Analysis Resume
HUMINT Analysis Resume
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas Kurian
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep Kamble
 
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
 
Development of National Cybersecurity Strategy and Organisation
Development of National Cybersecurity Strategy and OrganisationDevelopment of National Cybersecurity Strategy and Organisation
Development of National Cybersecurity Strategy and Organisation
 
Osint overview 26 mar 2015
Osint overview 26 mar 2015Osint overview 26 mar 2015
Osint overview 26 mar 2015
 
IA/UX Spy School
IA/UX Spy SchoolIA/UX Spy School
IA/UX Spy School
 
Competitive Intelligence Analysis
Competitive Intelligence AnalysisCompetitive Intelligence Analysis
Competitive Intelligence Analysis
 
How Internal Human Intelligence Networks (HUMINT) Develop External Primary So...
How Internal Human Intelligence Networks (HUMINT) Develop External Primary So...How Internal Human Intelligence Networks (HUMINT) Develop External Primary So...
How Internal Human Intelligence Networks (HUMINT) Develop External Primary So...
 
India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
Open Source Intelligence (OSINT)
Open Source Intelligence (OSINT)Open Source Intelligence (OSINT)
Open Source Intelligence (OSINT)
 
COMPETITIVE INTELLIGENCE
COMPETITIVE INTELLIGENCECOMPETITIVE INTELLIGENCE
COMPETITIVE INTELLIGENCE
 
Shreeraj - Hacking Web 2 0 - ClubHack2007
Shreeraj - Hacking Web 2 0 - ClubHack2007Shreeraj - Hacking Web 2 0 - ClubHack2007
Shreeraj - Hacking Web 2 0 - ClubHack2007
 

Semelhante a Mere Paas Teensy Hai (Nikhil Mittal)

More fun using Kautilya
More fun using KautilyaMore fun using Kautilya
More fun using KautilyaNikhil Mittal
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for EveryoneNikhil Mittal
 
Hacking the future with USB HID
Hacking the future with USB HIDHacking the future with USB HID
Hacking the future with USB HIDNikhil Mittal
 
Kautilya: Teensy beyond shell
Kautilya: Teensy beyond shellKautilya: Teensy beyond shell
Kautilya: Teensy beyond shellNikhil Mittal
 
Chaos Engineering Without Observability ... Is Just Chaos
Chaos Engineering Without Observability ... Is Just ChaosChaos Engineering Without Observability ... Is Just Chaos
Chaos Engineering Without Observability ... Is Just ChaosCharity Majors
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Rob Fuller
 
A Big Dashboard of Problems.pdf
A Big Dashboard of Problems.pdfA Big Dashboard of Problems.pdf
A Big Dashboard of Problems.pdfTravisMcPeak1
 
From 🤦 to 🐿️
From 🤦 to 🐿️From 🤦 to 🐿️
From 🤦 to 🐿️Ori Pekelman
 
Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingShowing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingDan Kaminsky
 
Application compatibility final
Application compatibility finalApplication compatibility final
Application compatibility finalHarold Wong
 
Continuous Deployment
Continuous DeploymentContinuous Deployment
Continuous DeploymentBrian Henerey
 
Puppet for SysAdmins
Puppet for SysAdminsPuppet for SysAdmins
Puppet for SysAdminsPuppet
 
CTTS CASE STUDY - Milestone 2 Problem AnalysisPage 2-7MILEST.docx
CTTS CASE STUDY - Milestone 2 Problem AnalysisPage 2-7MILEST.docxCTTS CASE STUDY - Milestone 2 Problem AnalysisPage 2-7MILEST.docx
CTTS CASE STUDY - Milestone 2 Problem AnalysisPage 2-7MILEST.docxannettsparrow
 
Teaching Elephants to Dance (and Fly!): A Developer's Journey to Digital Tran...
Teaching Elephants to Dance (and Fly!): A Developer's Journey to Digital Tran...Teaching Elephants to Dance (and Fly!): A Developer's Journey to Digital Tran...
Teaching Elephants to Dance (and Fly!): A Developer's Journey to Digital Tran...Burr Sutter
 
2014-10 DevOps NFi - Why it's a good idea to deploy 10 times per day v1.0
2014-10 DevOps NFi - Why it's a good idea to deploy 10 times per day v1.02014-10 DevOps NFi - Why it's a good idea to deploy 10 times per day v1.0
2014-10 DevOps NFi - Why it's a good idea to deploy 10 times per day v1.0Joakim Lindbom
 
Matt carroll - "Security patching system packages is fun" said no-one ever
Matt carroll - "Security patching system packages is fun" said no-one everMatt carroll - "Security patching system packages is fun" said no-one ever
Matt carroll - "Security patching system packages is fun" said no-one everDevSecCon
 
30 days or less: New Features to Production
30 days or less: New Features to Production30 days or less: New Features to Production
30 days or less: New Features to ProductionKarthik Gaekwad
 

Semelhante a Mere Paas Teensy Hai (Nikhil Mittal) (20)

More fun using Kautilya
More fun using KautilyaMore fun using Kautilya
More fun using Kautilya
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for Everyone
 
Hacking the future with USB HID
Hacking the future with USB HIDHacking the future with USB HID
Hacking the future with USB HID
 
Kautilya: Teensy beyond shell
Kautilya: Teensy beyond shellKautilya: Teensy beyond shell
Kautilya: Teensy beyond shell
 
Broken by design (Danny Fullerton)
Broken by design (Danny Fullerton)Broken by design (Danny Fullerton)
Broken by design (Danny Fullerton)
 
Chaos Engineering Without Observability ... Is Just Chaos
Chaos Engineering Without Observability ... Is Just ChaosChaos Engineering Without Observability ... Is Just Chaos
Chaos Engineering Without Observability ... Is Just Chaos
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?
 
A Big Dashboard of Problems.pdf
A Big Dashboard of Problems.pdfA Big Dashboard of Problems.pdf
A Big Dashboard of Problems.pdf
 
From 🤦 to 🐿️
From 🤦 to 🐿️From 🤦 to 🐿️
From 🤦 to 🐿️
 
Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingShowing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
 
Application compatibility final
Application compatibility finalApplication compatibility final
Application compatibility final
 
Continuous Deployment
Continuous DeploymentContinuous Deployment
Continuous Deployment
 
Puppet for SysAdmins
Puppet for SysAdminsPuppet for SysAdmins
Puppet for SysAdmins
 
CTTS CASE STUDY - Milestone 2 Problem AnalysisPage 2-7MILEST.docx
CTTS CASE STUDY - Milestone 2 Problem AnalysisPage 2-7MILEST.docxCTTS CASE STUDY - Milestone 2 Problem AnalysisPage 2-7MILEST.docx
CTTS CASE STUDY - Milestone 2 Problem AnalysisPage 2-7MILEST.docx
 
Teaching Elephants to Dance (and Fly!): A Developer's Journey to Digital Tran...
Teaching Elephants to Dance (and Fly!): A Developer's Journey to Digital Tran...Teaching Elephants to Dance (and Fly!): A Developer's Journey to Digital Tran...
Teaching Elephants to Dance (and Fly!): A Developer's Journey to Digital Tran...
 
2014-10 DevOps NFi - Why it's a good idea to deploy 10 times per day v1.0
2014-10 DevOps NFi - Why it's a good idea to deploy 10 times per day v1.02014-10 DevOps NFi - Why it's a good idea to deploy 10 times per day v1.0
2014-10 DevOps NFi - Why it's a good idea to deploy 10 times per day v1.0
 
Matt carroll - "Security patching system packages is fun" said no-one ever
Matt carroll - "Security patching system packages is fun" said no-one everMatt carroll - "Security patching system packages is fun" said no-one ever
Matt carroll - "Security patching system packages is fun" said no-one ever
 
30 days or less: New Features to Production
30 days or less: New Features to Production30 days or less: New Features to Production
30 days or less: New Features to Production
 
BNI, 10-Minute Pres, IT Business
BNI, 10-Minute Pres, IT BusinessBNI, 10-Minute Pres, IT Business
BNI, 10-Minute Pres, IT Business
 
Backtrack Manual Part9
Backtrack Manual Part9Backtrack Manual Part9
Backtrack Manual Part9
 

Mais de ClubHack

Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreClubHack
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber InsuranceClubHack
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatClubHack
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...ClubHack
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodClubHack
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalClubHack
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanClubHack
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyClubHack
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaClubHack
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiClubHack
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012ClubHack
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack
 
Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)ClubHack
 
How Android Based Phone Helped Me Win American Idol (Elad Shapira)
How Android Based Phone Helped Me Win American Idol (Elad Shapira)How Android Based Phone Helped Me Win American Idol (Elad Shapira)
How Android Based Phone Helped Me Win American Idol (Elad Shapira)ClubHack
 
Handle Explotion of Remote System Without Being Online (Merchant Bhaumik)
Handle Explotion of Remote System Without Being Online (Merchant Bhaumik)Handle Explotion of Remote System Without Being Online (Merchant Bhaumik)
Handle Explotion of Remote System Without Being Online (Merchant Bhaumik)ClubHack
 
Dom XSS - Encounters of the 3rd Kind (Bishan Singh Kochher)
Dom XSS - Encounters of the 3rd Kind (Bishan Singh Kochher)Dom XSS - Encounters of the 3rd Kind (Bishan Singh Kochher)
Dom XSS - Encounters of the 3rd Kind (Bishan Singh Kochher)ClubHack
 
Android forensics (Manish Chasta)
Android forensics (Manish Chasta)Android forensics (Manish Chasta)
Android forensics (Manish Chasta)ClubHack
 

Mais de ClubHack (20)

Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber Insurance
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threat
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun Rathod
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara Agrawal
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish Bomisstty
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan Joshi
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011
 
Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)
 
How Android Based Phone Helped Me Win American Idol (Elad Shapira)
How Android Based Phone Helped Me Win American Idol (Elad Shapira)How Android Based Phone Helped Me Win American Idol (Elad Shapira)
How Android Based Phone Helped Me Win American Idol (Elad Shapira)
 
Handle Explotion of Remote System Without Being Online (Merchant Bhaumik)
Handle Explotion of Remote System Without Being Online (Merchant Bhaumik)Handle Explotion of Remote System Without Being Online (Merchant Bhaumik)
Handle Explotion of Remote System Without Being Online (Merchant Bhaumik)
 
Dom XSS - Encounters of the 3rd Kind (Bishan Singh Kochher)
Dom XSS - Encounters of the 3rd Kind (Bishan Singh Kochher)Dom XSS - Encounters of the 3rd Kind (Bishan Singh Kochher)
Dom XSS - Encounters of the 3rd Kind (Bishan Singh Kochher)
 
Android forensics (Manish Chasta)
Android forensics (Manish Chasta)Android forensics (Manish Chasta)
Android forensics (Manish Chasta)
 

Último

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 

Último (20)

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

Mere Paas Teensy Hai (Nikhil Mittal)

  • 1. MERE PAAS TEENSY HAI OR COMPROMISING A HIGHLY SECURE ENVIRONMENT PART 2 Nikhil Mittal (SamratAshok)
  • 2. ABOUT ME  SamratAshok  Twitter - @nikhil_mitt  Penetration Tester with PwC India  I am interested in Offensive Information Security, new attack vectors and methodologies to pwn systems.  Creator of Kautilya and Maareech  Previous Talks  Ultimate Pen Testing: Compromising a highly secure environment Clubhack’10  Here are your Keystrokes Hackfest’11  Upcoming Talks  Kautilya: Teensy beyond shell Blackhat Abu Dhabi’11
  • 3. OVERVIEW  Why the Title?  Current State of Pentesting  Questions being raised to us  The answer to the questions  What’s done  What we will do  Limitations  Future  Conclusion
  • 4. WHY THE TITLE?  What I Told to the ClubHack team:  I talked about compromising a highly secure environment last year, let’s continue with the pwnage!!  Thanks to the team for buying that and allowing me to speak.  The real reason:
  • 5.
  • 6. A TYPICAL PEN TEST SCENARIO  A client engagement comes with IP addresses.  We need to complete the assignment in very restrictive time frame.  Pressure is on us to deliver a “good” report with some high severity findings. (That “High” return inside a red colored box)
  • 7. CURRENT STATE OF PENTESTING Vuln Exploit Report Scan
  • 8.  This is a best case scenario.  Only lucky ones find that.  Generally legacy Enterprise Applications or Business Critical applications are not upgraded.  There is almost no fun doing it that way.
  • 9. SOME OF US DO IT BETTER Enum Scan Exploit Report
  • 10. SOME OF US DO IT EVEN BETTER Enum Post + Scan Exploit Report Exp Intel
  • 11. WHY DO WE NEED TO EXPLOIT?  To gain access to the systems.  This shows the real threat to clients that we can actually make an impact on their business. No more “so-what”   We can create reports with “High” Severity findings.  <Audience>  <Audience>
  • 12. WHAT DO WE EXPLOIT?  Memory Corruption bugs.  Server side  Client Side  Humans  Mis-configurations  Design Problems  <Audience>  <Audience>
  • 13. QUESTIONS BEING RAISED TO US  Many times we get some vulnerabilities but can’t exploit.  No public exploits available.  Not allowed on the system.  Countermeasure blocking it.  Exploit completed but no session was generated :P Kya hai tumhare paas?
  • 14. QUESTIONS BEING RAISED TO US  Hardened Systems  Patches in place  Countermeasures blocking scans and exploits  Security incident monitoring and blocking Kya hai tumhare paas?
  • 15. QUESTIONS BEING RAISED TO US  Just a bad day.  Exploit completed but no session was generated :P Kya hai tumhare paas?
  • 16. ALTERNATIVES  Open file shares.  Sticky slips.  Social Engineering attacks.  Man In The Middle (many types)  SMB Relay  <Audience>  <Audience>
  • 17. THE ANSWER TO THE QUESTIONS TEENSY  A USB Micro-controller device.  We will use Teensy ++ which is a newer version of Teensy.  Available for $24 from pjrc.com Mere paas Teensy hai
  • 18. USING TEENSY  Find an unattended system and insert the teensy device in USB port.  Fool your victim by disguising it as a mouse, USB toy, Thumb drive etc.  Generally Teensy needs just a minute to complete the job.  You can program it according to your needs.  Undetected and unblocked, Teensy works great for popping shells.
  • 19. WHAT’S DONE  Arduino-Based attack vector in Social Engineering Toolkit by David Kennedy  Contains some really awesome payloads.  Almost all payloads are for popping shells.
  • 20. WHAT WE WILL DO  Teensy can be used for much more than popping shells.  It can be used to perform pre and post exploitation.  We will have a detailed look at some of these payloads and will understand how to create payloads as per our needs.
  • 21. DESCRIPTION OF PAYLOADS  More for Windows as desktops are generally based on Windows.  Payloads vary from one line commands to powerful scripts.  If you know powershell scripting, payloads will make more sense and will be easier to customize.
  • 22. DEMO
  • 24.
  • 25.
  • 26.
  • 31. BUT  What if even Teensy doesn’t work? With other options not working already?  If USB ports are ripped off?  Would it be impossible to pwn such environment?
  • 32.
  • 36. SETHC AND UTILMAN BACKDOOR
  • 39. TWEET
  • 43. LIMITATIONS  Limited storage in Teensy. Resolved if you attach a SD card with Teensy.  Inability to “read” from the system. You have to assume the responses of victim OS and there is only one way traffic.
  • 44. FUTURE  Kautilya  Improvement in current payloads.  New payloads for non-traditional shells.  Dropping executables using additional storage (already done).
  • 45. CONCLUSION  If used wisely Teensy can be used as a complete penetration testing device though with its own limitations.  It’s a cheap device so use it.  Please use Kautilya and give feedback after it is released. Mere paas Teensy hai
  • 46. THANK YOU  Questions?  Insults?  Feedback?