SlideShare uma empresa Scribd logo
1 de 51
Baixar para ler offline
EVIL DATA MINING
 FOR FUN AND PROFIT!
Contents
● Web Scraping
● Quick and Dirty SQL Injections
● iPhones, WiFi and Evil Twins
● Hacking Neighbours
● Port scanning on Steroids
Introduction
●   Fredrik Nordberg Almroth (@Almroot)
    Head application engineer and co-founder @ detectify.com
    IT-security guy
    Hacked Google. Twice.

●   Johan Edholm (@norrskal)
    Server administrator and co-founder @ detectify.com
    Worked with IT security analytics and anti-scraping
    Studied system and network management in Linux
What is Detectify?




Detectify is an automated vulnerability scanner.
●   You sign up using beta code.
●   You press start!


●   Detectify emulates a hacking attack.
●   You get a report regarding your vulnerabilities.
●   Detectify is currently in closed beta!

●   You may try it for free using the beta code: HyperMine

●   http://detectify.com/

●   We love feedback! :)
What is data mining?
●   Data mining is mostly associated with statistics and machine learning.

●   ...or discovery of patterns (intelligence) in large datasets...

●   No fancy algorithms! Just real life examples.
Web scraping
● Grab content from websites
● Host somewhere else
● Study the data
● Sell the data
Web scraping
● Manual copy-paste
Web scraping
Web scraping
● Googlebot
Web scraping
● Bad scrapers
  ○ Downloadable or online tools
  ○ Homemade scripts
  ○ HTTP rewriters
Web scraping
● Homemade scripts
  ○   Made for one site/purpose
  ○   No hacking
  ○   May be against ToS
  ○   Probably legal
Web scraping
● Sosseblaskan.se
  ○   Copy of aftonbladet (rewrite)
  ○   A joke
  ○   Not ads for aftonbladet
  ○   Not phishing
  ○   Illegal
SQL
● Structured Query Language

● Used to talk with databases. MySQL, PostgreSQL, etc...
How it's used
● Websites use databases to maintain data.

● The SQL queries often contain user-data.

● You search on a website for a few keywords.

● The odds of it being done by some SQL dialect is huge.
What could possibly go wrong?
● User supplied data may alter the SQL query.

● Example:
   SELECT title FROM blog WHERE title = '$search_keywords';


● If the searched data contain a quote, the SQL query will
   break.

● Attackers may gain other data than just the "blog title".

● Usernames, passwords, emails, credit-cards...
SQL Injections
● Devastating attack.

● Worst part. It's really common.

● Remember Sony last year?
● Victims 2012.
  ○   eHarmony
  ○   last.fm
  ○   Yahoo!
  ○   Android Forums
  ○   Billabong
  ○   Formspring
  ○   nVidia
  ○   Gamigo
  ○   ...List goes on...
● Thousands of sites attacked daily.

● Incredibly easy to get going.

● Loads of guides and tools on the internet.

● Devastating for the vulnerable organizations.
LIVE DEMO!
(This is the time we'll stand here and struggle with the equipment.)
Fun with WLAN
● Create an evil twin
● Jasager
Evil twin
● You connect to eg. "espresso house free"
● iPhone will save and remember that network
● When you come back it will automatically
  connect
Evil twin
● Someone creates a network called
  "espresso house free"
● Your phone will automatically connect
What if the attacker don't know which
networks you've been connected to?
Jasager
Fun with WLAN
● Works on everything
  ○ Windows, linux, Mac, Android, iPhone etc
● Can be monitored
  ○ See which networks you are looking for and in which
    order
Fun with WLAN
WiGLE.net
IT-Security @ Home
● Devices on local networks.
  ○   Routers
  ○   Printers
  ○   Heat Pumps
  ○   Laptops
  ○   PC's
  ○   Tablets
  ○   Cellphones
  ○   XBOX'es
  ○   ...etc...
Telecom operator ComHem provide "Tre-hål-i-väggen"
● Routers may act as switches

● IP Forwarding

● You can see your neighbours devices
● Portscan!

● A port scanner finds open services on IP-
  addresses.

● nmap
● Find vulnerability
  or
● Weak (default) password
  or
● No password!


  Protip:
  http://www.routerpasswords.com/
GAME OVER
Conclusion
You can with ease gain access to your
neighbours data.
Speaking of portscanning...
● Spring 2010, the "spoon" project.

● Got interested in packet crafting.

● 3000 packets/second
● Sweden got 25.000.000 allocated IPv4-addresses.

● ...Results in a timeframe of 2 hours and 20 min to scan.

● Resolve all servers on a given port in a Sweden.

● Could of course be applied to any country.
● Early 2011, "spoon2".

● 30000 packets/second. Ten times as fast!

● From 2½ hour, to approximate 15 minutes.

● Same result.
● Imagine a company. Like ACME Corp.

● 10 servers running "spoon2".

● Get a fresh map of Sweden every 90 second.

● 100 servers, every 9'th second second.
● ACME Corp got potential to become a global "pingdom".

● Results in large scale data mining.

● Would require loads of clever algorithms and
  infrastructure to maintain it all though.
shodanhq.com
● The firm shodanhq already crawls countries for open
  services.

● Identified ~438.000 web servers in Sweden alone.

● Mostly devices found on local networks.
  (routers / printers).

● No security. Loads of vulnerable devices.
● Eavesdrop your neighbour? No problem.

● Why bother?

● Can be applied to a whole country.
Summary
● Web Scraping
● Quick and Dirty SQL Injections
● iPhones, WiFi and Evil Twins
● Hacking Neighbours
● Port scanning on Steroids
Q&A
     Hack the planet!




http://detectify.com/
References
●   http://www.theta44.org/karma/aawns.pdf

●   http://timtux.net/posts/10-Vad-delar-du-ut-IT-skerhet-i-hemmet

●   http://krebsonsecurity.com/2010/06/wi-fi-street-smarts-iphone-edition/

●   http://nmap.org/6/

●   http://www.ietf.org/rfc/rfc793.txt

●   http://www.ietf.org/rfc/rfc791.txt

●   http://www.ietf.org/rfc/rfc1323.txt

●   http://www.zdnet.com/sql-injection-attacks-up-69-7000001742/

Mais conteúdo relacionado

Mais procurados

2006: Hack.lu Luxembourg 2006: Anonymous Communication
2006: Hack.lu Luxembourg 2006: Anonymous Communication2006: Hack.lu Luxembourg 2006: Anonymous Communication
2006: Hack.lu Luxembourg 2006: Anonymous CommunicationFabio Pietrosanti
 
Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th...
 Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th... Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th...
Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th...i_scienceEU
 
Hacking its types and the art of exploitation
Hacking its types and the art of exploitationHacking its types and the art of exploitation
Hacking its types and the art of exploitationShubhamChoudhary171
 
Secrets of a linux ninja Software Freedom Day 2013 Johannesburg, South Africa
Secrets of a linux ninja  Software Freedom Day 2013 Johannesburg, South AfricaSecrets of a linux ninja  Software Freedom Day 2013 Johannesburg, South Africa
Secrets of a linux ninja Software Freedom Day 2013 Johannesburg, South AfricaJumping Bean
 
Defcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peop
Defcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peopDefcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peop
Defcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peopPriyanka Aash
 
Angelo Alviar OSINT 101 Presentation - Forensics and Security Technology
Angelo Alviar OSINT 101 Presentation - Forensics and Security TechnologyAngelo Alviar OSINT 101 Presentation - Forensics and Security Technology
Angelo Alviar OSINT 101 Presentation - Forensics and Security TechnologyAngelo Alviar
 
Ransomware - what is it, how to protect against it
Ransomware - what is it, how to protect against itRansomware - what is it, how to protect against it
Ransomware - what is it, how to protect against itZoltan Balazs
 

Mais procurados (14)

2006: Hack.lu Luxembourg 2006: Anonymous Communication
2006: Hack.lu Luxembourg 2006: Anonymous Communication2006: Hack.lu Luxembourg 2006: Anonymous Communication
2006: Hack.lu Luxembourg 2006: Anonymous Communication
 
Dark web
Dark webDark web
Dark web
 
Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th...
 Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th... Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th...
Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th...
 
Hacking its types and the art of exploitation
Hacking its types and the art of exploitationHacking its types and the art of exploitation
Hacking its types and the art of exploitation
 
Dark net
Dark netDark net
Dark net
 
Secrets of a linux ninja Software Freedom Day 2013 Johannesburg, South Africa
Secrets of a linux ninja  Software Freedom Day 2013 Johannesburg, South AfricaSecrets of a linux ninja  Software Freedom Day 2013 Johannesburg, South Africa
Secrets of a linux ninja Software Freedom Day 2013 Johannesburg, South Africa
 
Weaponization of IoT
Weaponization of IoTWeaponization of IoT
Weaponization of IoT
 
Comprehensive guide for compromising network devices.
Comprehensive guide for compromising network devices.Comprehensive guide for compromising network devices.
Comprehensive guide for compromising network devices.
 
The Darknet Emerges
The Darknet EmergesThe Darknet Emerges
The Darknet Emerges
 
Defcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peop
Defcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peopDefcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peop
Defcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peop
 
Angelo Alviar OSINT 101 Presentation - Forensics and Security Technology
Angelo Alviar OSINT 101 Presentation - Forensics and Security TechnologyAngelo Alviar OSINT 101 Presentation - Forensics and Security Technology
Angelo Alviar OSINT 101 Presentation - Forensics and Security Technology
 
Ransomware - what is it, how to protect against it
Ransomware - what is it, how to protect against itRansomware - what is it, how to protect against it
Ransomware - what is it, how to protect against it
 
Darknet
DarknetDarknet
Darknet
 
Darknet
DarknetDarknet
Darknet
 

Semelhante a Hyper Island - 2012

Don't Give Credit: Hacking Arcade Machines
Don't Give Credit: Hacking Arcade MachinesDon't Give Credit: Hacking Arcade Machines
Don't Give Credit: Hacking Arcade MachinesMichael Scovetta
 
Pen Testing Development
Pen Testing DevelopmentPen Testing Development
Pen Testing DevelopmentCTruncer
 
Hit by a Cyberattack: lesson learned
 Hit by a Cyberattack: lesson learned Hit by a Cyberattack: lesson learned
Hit by a Cyberattack: lesson learnedB.A.
 
TSC Summit #4 - Howto get browser persitence and remote execution (JS)
TSC Summit #4 - Howto get browser persitence and remote execution (JS)TSC Summit #4 - Howto get browser persitence and remote execution (JS)
TSC Summit #4 - Howto get browser persitence and remote execution (JS)Mikal Villa
 
Internet Of Things: Hands on: YOW! night
Internet Of Things: Hands on: YOW! nightInternet Of Things: Hands on: YOW! night
Internet Of Things: Hands on: YOW! nightAndy Gelme
 
Security Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against ThemSecurity Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against ThemMartin Vigo
 
All Aboard The Stateful Train
All Aboard The Stateful TrainAll Aboard The Stateful Train
All Aboard The Stateful TrainSmartLogic
 
On hacking & security
On hacking & security On hacking & security
On hacking & security Ange Albertini
 
IntoWebGL - Unite Melbourne 2015
IntoWebGL - Unite Melbourne 2015IntoWebGL - Unite Melbourne 2015
IntoWebGL - Unite Melbourne 2015Ryan Alcock
 
Python in Industry
Python in IndustryPython in Industry
Python in IndustryDharmit Shah
 
An EyeWitness View into your Network
An EyeWitness View into your NetworkAn EyeWitness View into your Network
An EyeWitness View into your NetworkCTruncer
 
Crawling and Processing the Italian Corporate Web
Crawling and Processing the Italian Corporate WebCrawling and Processing the Italian Corporate Web
Crawling and Processing the Italian Corporate WebSpeck&Tech
 
The internet of $h1t
The internet of $h1tThe internet of $h1t
The internet of $h1tAmit Serper
 
IoT Domain Naming and Pain Points
IoT Domain Naming and Pain PointsIoT Domain Naming and Pain Points
IoT Domain Naming and Pain PointsDavid Fowler
 

Semelhante a Hyper Island - 2012 (20)

Don't Give Credit: Hacking Arcade Machines
Don't Give Credit: Hacking Arcade MachinesDon't Give Credit: Hacking Arcade Machines
Don't Give Credit: Hacking Arcade Machines
 
IT in 2017
IT in 2017IT in 2017
IT in 2017
 
Pen Testing Development
Pen Testing DevelopmentPen Testing Development
Pen Testing Development
 
Hit by a Cyberattack: lesson learned
 Hit by a Cyberattack: lesson learned Hit by a Cyberattack: lesson learned
Hit by a Cyberattack: lesson learned
 
TSC Summit #4 - Howto get browser persitence and remote execution (JS)
TSC Summit #4 - Howto get browser persitence and remote execution (JS)TSC Summit #4 - Howto get browser persitence and remote execution (JS)
TSC Summit #4 - Howto get browser persitence and remote execution (JS)
 
Internet Of Things: Hands on: YOW! night
Internet Of Things: Hands on: YOW! nightInternet Of Things: Hands on: YOW! night
Internet Of Things: Hands on: YOW! night
 
Security Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against ThemSecurity Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against Them
 
All Aboard The Stateful Train
All Aboard The Stateful TrainAll Aboard The Stateful Train
All Aboard The Stateful Train
 
On hacking & security
On hacking & security On hacking & security
On hacking & security
 
What is being exposed from IoT Devices
What is being exposed from IoT DevicesWhat is being exposed from IoT Devices
What is being exposed from IoT Devices
 
IntoWebGL - Unite Melbourne 2015
IntoWebGL - Unite Melbourne 2015IntoWebGL - Unite Melbourne 2015
IntoWebGL - Unite Melbourne 2015
 
Python in Industry
Python in IndustryPython in Industry
Python in Industry
 
An EyeWitness View into your Network
An EyeWitness View into your NetworkAn EyeWitness View into your Network
An EyeWitness View into your Network
 
Introduction to Exploitation
Introduction to ExploitationIntroduction to Exploitation
Introduction to Exploitation
 
IoT Session Thomas More
IoT Session Thomas MoreIoT Session Thomas More
IoT Session Thomas More
 
Cc internet of things @ Thomas More
Cc internet of things @ Thomas MoreCc internet of things @ Thomas More
Cc internet of things @ Thomas More
 
Crawling and Processing the Italian Corporate Web
Crawling and Processing the Italian Corporate WebCrawling and Processing the Italian Corporate Web
Crawling and Processing the Italian Corporate Web
 
The internet of $h1t
The internet of $h1tThe internet of $h1t
The internet of $h1t
 
IoT Presentation slides
IoT Presentation slidesIoT Presentation slides
IoT Presentation slides
 
IoT Domain Naming and Pain Points
IoT Domain Naming and Pain PointsIoT Domain Naming and Pain Points
IoT Domain Naming and Pain Points
 

Último

Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Laying the Data Foundations for Artificial Intelligence!
Laying the Data Foundations for Artificial Intelligence!Laying the Data Foundations for Artificial Intelligence!
Laying the Data Foundations for Artificial Intelligence!Memoori
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
QMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdfQMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdfROWELL MARQUINA
 
A PowerPoint Presentation on Vikram Lander pptx
A PowerPoint Presentation on Vikram Lander pptxA PowerPoint Presentation on Vikram Lander pptx
A PowerPoint Presentation on Vikram Lander pptxatharvdev2010
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
Dynamical Context introduction word sensibility orientation
Dynamical Context introduction word sensibility orientationDynamical Context introduction word sensibility orientation
Dynamical Context introduction word sensibility orientationBuild Intuit
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 

Último (20)

Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Laying the Data Foundations for Artificial Intelligence!
Laying the Data Foundations for Artificial Intelligence!Laying the Data Foundations for Artificial Intelligence!
Laying the Data Foundations for Artificial Intelligence!
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
QMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdfQMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdf
 
A PowerPoint Presentation on Vikram Lander pptx
A PowerPoint Presentation on Vikram Lander pptxA PowerPoint Presentation on Vikram Lander pptx
A PowerPoint Presentation on Vikram Lander pptx
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
Dynamical Context introduction word sensibility orientation
Dynamical Context introduction word sensibility orientationDynamical Context introduction word sensibility orientation
Dynamical Context introduction word sensibility orientation
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 

Hyper Island - 2012

  • 1. EVIL DATA MINING FOR FUN AND PROFIT!
  • 2. Contents ● Web Scraping ● Quick and Dirty SQL Injections ● iPhones, WiFi and Evil Twins ● Hacking Neighbours ● Port scanning on Steroids
  • 3. Introduction ● Fredrik Nordberg Almroth (@Almroot) Head application engineer and co-founder @ detectify.com IT-security guy Hacked Google. Twice. ● Johan Edholm (@norrskal) Server administrator and co-founder @ detectify.com Worked with IT security analytics and anti-scraping Studied system and network management in Linux
  • 4. What is Detectify? Detectify is an automated vulnerability scanner.
  • 5. You sign up using beta code.
  • 6. You press start! ● Detectify emulates a hacking attack.
  • 7. You get a report regarding your vulnerabilities.
  • 8. Detectify is currently in closed beta! ● You may try it for free using the beta code: HyperMine ● http://detectify.com/ ● We love feedback! :)
  • 9. What is data mining? ● Data mining is mostly associated with statistics and machine learning. ● ...or discovery of patterns (intelligence) in large datasets... ● No fancy algorithms! Just real life examples.
  • 10. Web scraping ● Grab content from websites ● Host somewhere else ● Study the data ● Sell the data
  • 14. Web scraping ● Bad scrapers ○ Downloadable or online tools ○ Homemade scripts ○ HTTP rewriters
  • 15. Web scraping ● Homemade scripts ○ Made for one site/purpose ○ No hacking ○ May be against ToS ○ Probably legal
  • 16. Web scraping ● Sosseblaskan.se ○ Copy of aftonbladet (rewrite) ○ A joke ○ Not ads for aftonbladet ○ Not phishing ○ Illegal
  • 17. SQL ● Structured Query Language ● Used to talk with databases. MySQL, PostgreSQL, etc...
  • 18. How it's used ● Websites use databases to maintain data. ● The SQL queries often contain user-data. ● You search on a website for a few keywords. ● The odds of it being done by some SQL dialect is huge.
  • 19. What could possibly go wrong? ● User supplied data may alter the SQL query. ● Example: SELECT title FROM blog WHERE title = '$search_keywords'; ● If the searched data contain a quote, the SQL query will break. ● Attackers may gain other data than just the "blog title". ● Usernames, passwords, emails, credit-cards...
  • 21. ● Devastating attack. ● Worst part. It's really common. ● Remember Sony last year?
  • 22. ● Victims 2012. ○ eHarmony ○ last.fm ○ Yahoo! ○ Android Forums ○ Billabong ○ Formspring ○ nVidia ○ Gamigo ○ ...List goes on...
  • 23. ● Thousands of sites attacked daily. ● Incredibly easy to get going. ● Loads of guides and tools on the internet. ● Devastating for the vulnerable organizations.
  • 24. LIVE DEMO! (This is the time we'll stand here and struggle with the equipment.)
  • 25. Fun with WLAN ● Create an evil twin ● Jasager
  • 26. Evil twin ● You connect to eg. "espresso house free" ● iPhone will save and remember that network ● When you come back it will automatically connect
  • 27. Evil twin ● Someone creates a network called "espresso house free" ● Your phone will automatically connect
  • 28. What if the attacker don't know which networks you've been connected to?
  • 29.
  • 31. Fun with WLAN ● Works on everything ○ Windows, linux, Mac, Android, iPhone etc ● Can be monitored ○ See which networks you are looking for and in which order
  • 33. IT-Security @ Home ● Devices on local networks. ○ Routers ○ Printers ○ Heat Pumps ○ Laptops ○ PC's ○ Tablets ○ Cellphones ○ XBOX'es ○ ...etc...
  • 34. Telecom operator ComHem provide "Tre-hål-i-väggen"
  • 35. ● Routers may act as switches ● IP Forwarding ● You can see your neighbours devices
  • 36.
  • 37. ● Portscan! ● A port scanner finds open services on IP- addresses. ● nmap
  • 38.
  • 39. ● Find vulnerability or ● Weak (default) password or ● No password! Protip: http://www.routerpasswords.com/
  • 41. Conclusion You can with ease gain access to your neighbours data.
  • 42. Speaking of portscanning... ● Spring 2010, the "spoon" project. ● Got interested in packet crafting. ● 3000 packets/second
  • 43. ● Sweden got 25.000.000 allocated IPv4-addresses. ● ...Results in a timeframe of 2 hours and 20 min to scan. ● Resolve all servers on a given port in a Sweden. ● Could of course be applied to any country.
  • 44. ● Early 2011, "spoon2". ● 30000 packets/second. Ten times as fast! ● From 2½ hour, to approximate 15 minutes. ● Same result.
  • 45. ● Imagine a company. Like ACME Corp. ● 10 servers running "spoon2". ● Get a fresh map of Sweden every 90 second. ● 100 servers, every 9'th second second.
  • 46. ● ACME Corp got potential to become a global "pingdom". ● Results in large scale data mining. ● Would require loads of clever algorithms and infrastructure to maintain it all though.
  • 47. shodanhq.com ● The firm shodanhq already crawls countries for open services. ● Identified ~438.000 web servers in Sweden alone. ● Mostly devices found on local networks. (routers / printers). ● No security. Loads of vulnerable devices.
  • 48. ● Eavesdrop your neighbour? No problem. ● Why bother? ● Can be applied to a whole country.
  • 49. Summary ● Web Scraping ● Quick and Dirty SQL Injections ● iPhones, WiFi and Evil Twins ● Hacking Neighbours ● Port scanning on Steroids
  • 50. Q&A Hack the planet! http://detectify.com/
  • 51. References ● http://www.theta44.org/karma/aawns.pdf ● http://timtux.net/posts/10-Vad-delar-du-ut-IT-skerhet-i-hemmet ● http://krebsonsecurity.com/2010/06/wi-fi-street-smarts-iphone-edition/ ● http://nmap.org/6/ ● http://www.ietf.org/rfc/rfc793.txt ● http://www.ietf.org/rfc/rfc791.txt ● http://www.ietf.org/rfc/rfc1323.txt ● http://www.zdnet.com/sql-injection-attacks-up-69-7000001742/