Botnets, malware and network attacks
1.
2. I am…
• Carmen Torrano Giménez
• PhD Student at CSIC
• Research on Computer Security
• www.flu-project.com
3. I am…
• Pablo González (@fluproject)
• Head of security department at Informatica 64
4. I am…
• Juan Antonio Calles (@jantonioCalles)
• Security Team Leader at Everis Spain
• elblogdecalles.blogspot.com
5. Timeline
Data Network Attacks!
Malware and Botnets
What is Flu Project?
7. What is… Flu?
Ethical Hacking
Anti cybergrooming with Anti Depredadores
Free
Community
Application development
Social Awareness
8. Application development
• Flu
• Anubis (footprinting and fingerprinting)
• Liberad a Wifi (default key generation for Wifi routers)
• Flunym0us (vulnerability scanner Moodle, Wordpress)
12. Malware Classes
• Viruses
• Worms
• Trojans
• Rootkits
• Spyware
• Timebombs
13. Viruses
• They are only a kind of malware
• What is their goal? Destruction!
• Flu is not a virus
14. Virus Phases
Attack
Propagation
Dormant
15. Types…
• Boot
• Files
• Polymorphic
• Macro
16. Worms
• What are they?
• Key feature: Replication
• Flu is not a worm
17. Trojans
• What are they? Powerful!
• Remote control
• Direct and reverse
• Yeah! Flu is a trojan but… …It’s an educational
18. Rootkits
• What are they?
• Rootkit != management OR remote control software
• Key feature: they hide things…
19. Spyware
• What is it?
• Not harmful malware but attempts against privacy
• Key feature: Spy & Statistics
20. Timebombs
• What are they? Simple code but… destructive!
• Key feature: delayed action
• Bash, Sh, Ksh, Dash, cmd, PowerShell…
• …And, Flu is not a timebomb
22. Botnets
• What are they?
• Bots, zombies, botmaster
• Flu
• Statistics: 10% of you belong to a botnet!!
• DOS attack – Anonymous (against Internet censorship - hacked
23. Flu Features
• Hidden in the user folder, hidden process
• HaaS: Hacking as a Service
• Bot generator
• Client-server architecture
24. • WAMP (Windows, Apache, MySql and PHP)
• Windows + .Net Framework
28. Flu features
• Dynamic ID in XML file
• Commands directed to:
– A specific computer
– The whole botnet
29. Flu features
• AES encryption (128 bits)
• Hash of the files
• GUI for Android
• Undergraduate thesis at Deusto University
37. [Diagram: ARP request/reply between Alice, Bob and Eve]
Eve: IP 10.0.0.50, MAC 00:00:00:00:00:50
Alice: IP 10.0.0.10, MAC 00:00:00:00:00:10
Bob: IP 10.0.0.20, MAC 00:00:00:00:00:20
ARP Request: Who is 10.0.0.20?
ARP Reply: 10.0.0.20 is at 00:00:00:00:00:20
ARP table entries:
IP: 10.0.0.20 – BOB, MAC: 00:00:00:00:00:20 – BOB
IP: 10.0.0.10 – ALICE, MAC: 00:00:00:00:00:10 – ALICE
ARP table entries pointing at the attacker:
IP: 10.0.0.20 – BOB, MAC: 00:00:00:00:00:50 - ATTACKER
IP: 10.0.0.10 – ALICE, MAC: 00:00:00:00:00:50 - ATTACKER
38. Goals of MITM
• Stealing:
– passwords
– hashes
– files
– sessions
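The ARP table change shown on slide 37 can be detected passively. The following is an added example, not part of the original slides: it replays constructed ARP replies using the slide's addresses and flags an IP whose MAC changes and a MAC that claims several IPs. The function name, the alert fields and the first-seen baseline are assumptions of this example.

```python
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) taken from ARP replies,
# using the addresses shown on the slide.
SAMPLE_REPLIES = [
    (1.0, "10.0.0.20", "00:00:00:00:00:20"),  # Bob answers for himself
    (2.0, "10.0.0.10", "00:00:00:00:00:10"),  # Alice answers for herself
    (3.0, "10.0.0.50", "00:00:00:00:00:50"),  # Eve's own address
    (4.0, "10.0.0.20", "00:00:00:00:00:50"),  # Bob's IP claimed by Eve's MAC
    (5.0, "10.0.0.10", "00:00:00:00:00:50"),  # Alice's IP claimed by Eve's MAC
    (6.0, "10.0.0.20", "00:00:00:00:00:20"),  # Bob's genuine reply again
]


def detect_arp_poisoning(replies):
    """Return alerts for IP->MAC rebinding and for one MAC claiming several IPs."""
    ip_to_mac = {}                 # baseline: first MAC seen per IP (assumption;
                                   # a DHCP or inventory baseline is stronger)
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed so far
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        expected = ip_to_mac.setdefault(ip, mac)
        if expected != mac:
            alerts.append({"time": ts, "type": "rebinding", "ip": ip,
                           "expected": expected, "seen": mac})
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            # Routers doing proxy ARP answer for many IPs legitimately;
            # allow-list them before alerting in a real network.
            if len(mac_to_ips[mac]) > 1:
                alerts.append({"time": ts, "type": "multi_ip", "mac": mac,
                               "ips": sorted(mac_to_ips[mac])})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_REPLIES):
        print(alert)
```
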
41. Hijacking
• Goal: Steal user identity/session (impersonation)
• Types: transport layer, application layer
• We focus on HTTP Communication
42. Hijacking
• I do not need your password!
• HTTPs (authentication), HTTP (rest of the session)
• Insecure communications - Cookie Stolen…
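The weakness on slide 42 (login over HTTPS, the rest of the session over HTTP) shows up in the Set-Cookie headers a site sends. This added example, not part of the original slides, audits constructed responses for session cookies that a browser would also send in cleartext; the host shop.example, the cookie names and the finding labels are assumptions of this example.

```python
from urllib.parse import urlparse

# Constructed sample: (response URL, Set-Cookie header). shop.example is a placeholder.
SAMPLE_RESPONSES = [
    ("https://shop.example/login", "SESSIONID=c0ffee; Path=/"),
    ("http://shop.example/cart", "SESSIONID=c0ffee; Path=/; HttpOnly"),
    ("https://shop.example/account",
     "SESSIONID=d00d; Path=/; Secure; HttpOnly; SameSite=Lax"),
]


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, {attribute: value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key:
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_session_cookies(responses):
    """Return (url, cookie name, finding) for cookies exposed to a network observer."""
    findings = []
    for url, header in responses:
        name, _value, attrs = parse_set_cookie(header)
        if urlparse(url).scheme != "https":
            # The cookie value itself crossed the network unencrypted.
            findings.append((url, name, "set-over-http"))
        if "secure" not in attrs:
            # Without Secure the browser attaches the cookie to plain HTTP requests.
            findings.append((url, name, "missing-secure"))
        if "httponly" not in attrs:
            # Without HttpOnly page scripts can read the session identifier.
            findings.append((url, name, "missing-httponly"))
    return findings


if __name__ == "__main__":
    for finding in audit_session_cookies(SAMPLE_RESPONSES):
        print(finding)
```
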
45. Proud…
• Juanan and…
• “La biblia del Footprinting”
• Free!!!
46. …And Proud… :D
• Pablo and… his book
• “PowerShell: La navaja suiza de los administradores de sistemas”
• Sad… Not Free :(
47. Shopping!
• 5 Euros!
• Really?? Yeah!
• Finance… for Project!
49. www.flu-project.com
@fluproject
@jantonioCalles
@ctorranog
Grupo Flu Project
Feeds.feedburner.com/FluProject